KC_Hing
Staff
Article Id 209210
Description

This article describes configuration options that can be used to optimize HA cluster failover time.

Scope

FortiGate.

Solution
  1. Configure FortiGate to send more gratuitous ARP packets and reduce the interval between gratuitous ARP packets to help connected network equipment recognize the failover sooner.

config system ha
    set arps 20
    set arps-interval 2
end

  2. Configure FortiGate to send a link failed signal after a link failover to make sure that attached network equipment responds as quickly as possible to a link failure.

config system ha
    set link-failed-signal enable
end

  3. Fine-tune the number of lost heartbeat packets and the heartbeat interval timers to detect a device failure more quickly.

config system ha
    set hb-interval 2
    set hb-interval-in-milliseconds 10ms
    set hb-lost-threshold 2
end

  • With the default hb-interval of 2, a heartbeat is sent every 200 ms (2 x 100 ms).
  • With hb-lost-threshold set to 2, a failover can be triggered in 400 ms (2 x 100 ms x 2).
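
The following Python code is an added example, not part of the original article or Fortinet's tooling: it parses a `config system ha` block and computes the heartbeat period and failure-detection time, so a timer change can be checked before it is applied. It assumes `hb-interval-in-milliseconds` selects the unit that `hb-interval` is multiplied by; the function names and the `min_detect_ms` floor are hypothetical.

```python
import re

# Unit chosen by hb-interval-in-milliseconds (assumption: hb-interval is
# multiplied by it; the article's 2x100 arithmetic uses the 100ms unit).
UNIT_MS = {"100ms": 100, "10ms": 10}

# Constructed samples: the article's block, and the same block at 100ms.
PAGE_BLOCK = """config system ha
    set hb-interval 2
    set hb-interval-in-milliseconds 10ms
    set hb-lost-threshold 2
end"""
UNIT_100MS_BLOCK = PAGE_BLOCK.replace("10ms", "100ms")

def parse_ha_block(text):
    """Collect 'set <name> <value>' lines found inside 'config system ha'."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config system ha":
            inside = True
        elif line == "end":
            inside = False
        elif inside:
            match = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if match:
                settings[match.group(1)] = match.group(2).strip()
    return settings

def heartbeat_timing(settings):
    """Return (heartbeat period, failure detection time), both in ms."""
    interval = int(settings.get("hb-interval", 2))  # article: default is 2
    unit = UNIT_MS[settings.get("hb-interval-in-milliseconds", "100ms")]
    threshold = int(settings["hb-lost-threshold"])  # must be set explicitly
    period = interval * unit
    return period, period * threshold

def below_floor(settings, min_detect_ms):
    """True when detection is faster than a site-chosen floor (hypothetical
    policy value), i.e. a short heartbeat-link glitch could force failover."""
    return heartbeat_timing(settings)[1] < min_detect_ms

if __name__ == "__main__":
    for name, block in (("10ms", PAGE_BLOCK), ("100ms", UNIT_100MS_BLOCK)):
        period, detect = heartbeat_timing(parse_ha_block(block))
        print(f"unit {name}: heartbeat every {period} ms, failover after {detect} ms")
```

Under that assumption, the 200 ms and 400 ms figures in the bullets correspond to the 100ms unit, while the block as shown with the 10ms unit yields 20 ms and 40 ms.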

 

Related article:

Technical Tip: Changing the HA heartbeat timers to prevent false failover