FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes some possible configuration options that could be referred for HA cluster failover time optimizations.
Scope
FortiGate.
Solution
1). Configuring FortiGate to send more gratuitous arp packets and reduce the timers between gratuitous arp packets to help connected network equipment recognize the failover sooner.
# config system ha
set arps 20
set arps-interval 2
end
2). Configuring to send a link failed signal after a link failover to make sure that attached network equipment responds as quickly as possible to a link failure.
# config system ha
set link-failed-signal enable
end
3). To fine-tune the number of lost heartbeat packets and the heartbeat interval timers to be able to more quickly detect a device failure.
