Created on 05-29-2022 07:47 PM. Edited on 01-08-2026 10:11 PM. By Jean-Philippe_P.
This article describes a list of resources related to High Availability (HA) on the FortiGate. This feature is implemented using the FortiGate Clustering Protocol (FGCP) and allows the FortiGate to minimize disruption/downtime to the network and provide redundancy in case one of the FortiGates experiences an issue.
Scope
FortiGate.
Solution
The FortiGate Clustering Protocol (FGCP) is a proprietary HA solution that allows two to four FortiGates to negotiate the creation of a single logical 'cluster'. Each FortiGate in the cluster must be the same model, have identical licensing, and must be running the same firmware version and revision. Cluster members must also run matching operating modes (Transparent or NAT mode) and have the same hardware configuration (such as the same number of hard disks).
When operating in an FGCP cluster, all members will share a synchronized configuration. Some device-specific configurations are not synchronized, such as device hostname, HA override and priority values, and interface settings related to HA reserved management interfaces. Traffic will generally flow through the HA Primary unit only, though in some specific scenarios, an Active/Active cluster can redirect traffic from the HA Primary to an HA Secondary unit for processing.
Refer to the list of resources below for help with configuring and troubleshooting High Availability on the FortiGate:
| Configuration |
| Title | Description |
| | Primary documentation in the Admin Guide regarding FortiGate Clustering Protocol (FGCP) based High Availability. Discusses general operation, failover protection, and what configuration is synced vs. not synced between cluster members. |
| | Admin Guide section for configuring HA Active/Passive Clusters with the minimum required settings, including HA mode, device priority, HA group ID and group name, password, and HA heartbeat interfaces. |
| | Additional guidance for configuring a basic Active/Passive (A-P) HA FortiGate cluster. |
| | Explains basic HA deployment designs when connecting the FortiGate HA cluster to downstream network switches (both with and without LACP, aka 802.3ad). |
| | Discusses the requirements for successfully forming an HA cluster between two or more FortiGates, such as having matching model/hardware configurations and matching FortiGuard licensing. |
| HA primary unit selection criteria | Discusses how HA Primary units are elected within the cluster, which involves checking and comparing HA monitored interfaces, cluster member uptime values, override/priority values, and serial numbers. |
| | Describes how to configure an HA Reserved Management Interface, which allows administrators to reach each FortiGate HA cluster member independently over an out-of-band network. |
| | Describes how to configure HA remote IP monitoring, where the HA primary unit will continuously ping a remote resource to validate network connectivity and will trigger a failover if no response is received. |
| | Legacy Article - describes how to configure HA remote IP monitoring in FortiOS 4.2 and earlier. |
| | Describes how to configure the HA cluster to synchronize sessions using a dedicated session-sync-dev, rather than sharing the heartbeat interface. |
| Technical Tip: Sending messages (logs, SNMP) directly from the HA management interface | Describes how to configure HA cluster members to send messages (such as logs, SNMP traps, RADIUS authentication, etc.) directly from the HA reserved management interface using ha-direct. |
| Technical Tip: Changing the HA heartbeat timers to prevent false failover | Describes how to modify heartbeat timers for HA clusters to prevent false/unnecessary failovers. |
| Technical Tip: Configuring HA virtual cluster with VDOM Partitioning | Describes how to configure the HA cluster for virtual clustering and VDOM partitioning. This allows for separate cluster members to act as the primary for specific VDOMs, which can allow for more efficient FortiGate resource utilization. |
| Technical Tip: Upgrading HA virtual cluster with VDOM Partitioning with more than two FortiGates | Describes how to upgrade an HA cluster with more than two FortiGates that is also using VDOM partitioning. |
| Technical Tip: Controlling how HA synchronizes routing table updates | Describes the route-hold, route-ttl, and route-wait settings, which are used to adjust how frequently the HA Primary FortiGate syncs kernel routes to Secondary FortiGates and how long the Secondary FortiGates will hold onto those routes after a failover occurs (useful for allowing traffic to flow after a failover but before dynamic routing has had time to restore neighborships). |
| Technical Tip: HA reserve management interface with managed FortiSwitch | This article describes best practice recommendations for an HA reserve management interface when it is connected via FortiLink. |
| Technical Tip: Types of HA Sync | Discusses the differences between incremental synchronization and periodic synchronization between HA cluster members. |
| | Describes the recommended setup when combining FortiGate HA clusters with Cisco Nexus switches using LACP and Virtual Port Channel (vPC). |
| Technical Tip: Aggregate link configuration topologies in a High Availability cluster | Describes the recommended topologies when combining FortiGate HA clusters with LACP aggregate connections to other devices. |
| Troubleshooting (Technical Tip) |
| Title | Description |
| Troubleshooting Tip: Fix an HA (High Availability) cluster upgrade failure | Describes how to fix a scenario where an HA cluster firmware upgrade results in each FortiGate having a different firmware version. |
| | Provides guidance on resolving HA synchronization issues that result in the cluster reporting as out-of-sync. |
| Troubleshooting Tip: Verifying physical and HA Virtual MAC addresses of FortiGate interfaces | Explains how to verify the physical and virtual MAC addresses assigned to FortiGate interfaces when operating in an HA cluster. |
| Technical Tip: A conflict HA virtual MAC address in the different HA cluster | Describes how to resolve virtual MAC address conflicts using HA group-id. This issue can occur when multiple HA clusters are present in the same network/broadcast domain. |
| | Describes different methods for triggering a controlled failover in an HA cluster, which results in a Secondary FortiGate being promoted to the HA Primary role. |
| Technical Tip: How to use failover flag to change Active unit | Describes the HA failover flag mechanism, which allows administrators to force an HA failover for testing purposes outside of the typical cluster election mechanism (e.g., uptime, override priority, etc.). |
| Technical Tip: FortiGate HA failover due to memory utilization | Describes how to configure the HA cluster to perform a failover in the event of high memory utilization/conserve-mode. |
| Technical Tip: How to verify HA cluster members individual uptime | Explains how to verify the cluster uptime values of units in the HA cluster (separate from the system uptime of the units and used as part of HA cluster elections). |
| Technical Tip: How to revert HA cluster unit to the previous firmware image | Describes how to safely roll back a FortiGate HA cluster to the immediately previous firmware version following a firmware upgrade. |
| | Describes how to correctly rebuild an HA cluster (such as when an RMA is performed or when trying to resolve a significant config sync issue). |
| | Discusses steps for troubleshooting HA heartbeat communication issues between cluster members (e.g., 'HA secondary heartbeat interface <interface_name> lost neighbor information'). |
| Technical Tip: Collecting information for HA issues; Troubleshooting Tip: HA troubleshooting information for TAC tickets | Provides a list of recommended commands and debug output that should be gathered and submitted to TAC when troubleshooting HA cluster issues. |
| Technical Tip: Exclude few config to sync between HA members with 'vdom-exception' | Explains how to configure the FortiGate to exclude specific sections of the configuration from being synchronized between HA cluster members (in case these FortiGates require separate settings for otherwise-shared configurations). |
| Technical Tip: FortiGate 90G/91G/120G/121G HA cluster unable to upgrade due to error (Firmware image... | This article describes an error when upgrading a FortiGate-90G/91G/120G/121G high availability cluster from FortiOS v7.0.16 to v7.0.17 or higher branches, such as v7.2.x, v7.4.x, or v7.6.x. |
| Technical Tip: Configuring FortiGate HA and BGP graceful-restart to avoid traffic interruption durin... | This article describes the configuration that needs to be applied to a FortiGate HA cluster and the BGP settings so that each router (the FortiGate and its peer(s)) will keep the BGP routes in their routing table(s) to avoid traffic interruption during an HA failover. |
| Technical Tip: How to Enable/Disable HA Override without a failover | This article describes the steps required to enable/disable HA override without triggering a failover. |
| Technical Tip: Troubleshooting unexpected High Availability (HA) failover | How to troubleshoot unexpected High Availability (HA) failover. |
| Technical Tip: Upgrading three or more FortiGates in HA A-P | How to upgrade three or more FortiGates in HA A-P mode. |
| Technical Tip: How to fix HA out of sync due to system.fortiguard | How to fix a high availability out-of-sync issue, which can be caused by a configuration mismatch in the FortiGuard settings. |