nprakash
Staff
Article Id 213350
Description

 

This article provides a list of FortiGate High Availability resources. High availability (HA) is usually required in a system where there is high demand for little downtime.

There are usually hot-swaps, backup routes, or standby backup units, and as soon as the active entity fails, backup entities will start functioning. This results in minimal interruption for the users.

 

Scope

 

FortiGate.

 

Solution

 

The FortiGate Clustering Protocol (FGCP) is a proprietary HA solution whereby a FortiGate can find other FortiGate units to negotiate with and create a cluster. A FortiGate HA cluster consists of at least two FortiGates (members) configured for HA operation.

 

All FortiGates in the cluster must be the same model, have identical licenses, and should be running the same firmware. Cluster members must also run matching operating modes (Transparent or NAT mode) and have the same hardware configuration (such as the same number of hard disks).

 

All cluster members share the same configuration except for their hostname and priority in the HA settings. The cluster works like a single device but always has a hot backup device.

 

The following resources help in configuring and troubleshooting High Availability on FortiGate:

 

Configuration

| Title | Description |
| --- | --- |
| HA Basic Setup | Configuring HA (A-P) on FortiGate Firewalls |
| HA Basic Deployment Design | HA Deployment Design when FortiGate is connected to two switches with LACP (802.3ad) |
| HA Management Interface | Configuring HA management interface |
| Remote IP Monitor | Configuring HA Ping Server |
| Ping Server Threshold | How to set HA ping server threshold |
| HA Group ID | Configuring HA Group ID |
| HA Session-Sync-Dev Configuration | Configuring FortiGate interfaces for synchronizing sessions |
| Changing HA Group ID | Best practice guide to changing the group-id in an HA cluster |
| HA Direct | How to send messages (logs, SNMP, RADIUS) directly from the HA management interface |
| Changing Heart Beat timers | How to modify HA Heart Beat timers |
| HA virtual cluster with VDOM Partitioning | How to configure VDOM partitioning |
| Upgrading HA with VDOM Partitioning | How to upgrade a cluster with more than two FortiGates |
| Controlling how HA synchronizes routing table updates | How route-hold, route-ttl and route-wait work |
| HA reserve management interface with managed FortiSwitch | This article describes best practice recommendations for an HA reserve management interface when it is connected via FortiLink |
| Fix an HA (High Availability) cluster upgrade failure | How to fix an HA (High Availability) cluster upgrade failure that results in each firewall in the cluster having a different OS version |

 

Troubleshooting (Technical Tip)

| Title | Description |
| --- | --- |
| LACP in an HA Cluster | The behavior of LACP in an HA cluster |
| HA Cluster Synchronization | Troubleshoot HA synchronization issues when the cluster is out of sync |
| HA Route table Synchronization | How a FortiGate HA cluster synchronizes routing table updates between cluster units |
| HA Virtual MAC | How to verify the MAC addresses assigned to FortiGate interfaces |
| Changing HA Role in a cluster | Different methods to promote the role of subordinate to primary in an HA cluster |
| Force HA failover | How to trigger a manual HA failover |
| HA Failover - memory utilization | HA failover triggered due to memory utilization |
| HA Uptime | Verify uptime of units in an HA cluster |
| HA Revert to previous firmware | How to downgrade to a previous firmware |
| Rebuild HA cluster | How to rebuild an HA cluster |
| HA heartbeat lost neighbor | Troubleshoot HA heartbeat issues |
| HA Logs Required for troubleshooting | Logs required by TAC for troubleshooting HA issues |
| Troubleshooting Tip: HA troubleshooting information for TAC tickets | This article describes advanced troubleshooting for the High Availability Cluster and collects information to deliver to Fortinet TAC for a support ticket. |
| Exclude a few configs from syncing between HA members with 'vdom-exception' | This article explains how to exclude a few configs from syncing between HA units. |