Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nprakash
Staff
Staff

Created on ‎05-29-2022 07:47 PM Edited on ‎04-21-2024 10:57 PM By Community Manager

Article Id 213350

Technical Tip : FortiGate High Availability Resource List

Description

 

This article describes FortiGate High Availability Resource List. High availability (HA) is usually required in a system where there is high demand for a little downtime.

There are usually hot-swaps, backup routes, or standby backup units, and as soon as the active entity fails, backup entities will start functioning. This results in minimal interruption for the users.

 

Scope

 

FortiGate.

 

Solution

 

The FortiGate Clustering Protocol (FGCP) is a proprietary HA solution whereby FortiGate can find other members of FortiGate to negotiate and create a cluster. A FortiGate HA cluster consists of at least two FortiGate (members) configured for HA operation.

 

All FortiGate in the cluster must be the same model, have identical licenses, and should be running the same firmware. Cluster members must also run matching operating modes (Transparent or NAT mode) and have the same hardware configuration (such as the same number of hard disks).

All cluster members share the same configurations except for their hostname and priority in the HA settings. The cluster works like a device but always has a hot backup device.

 

Find below a list of resources that help in configuring and troubleshooting High Availability in FortiGate:

 

Configuration
Title Description
HA Basic Setup Configuring HA (A-P) on FortiGate Firewalls
HA Basic Deployment Design HA Deployment Design when FortiGate is connected to two switches with LACP (802.3ad)
HA Management Interface Configuring HA management interface
Remote IP Monitor Configuring HA Ping Server
Ping Server Threshold How to set HA ping server threshold
HA Group ID Configuring HA Group ID
HA Session-Sync-Dev Configuration Configuring FortiGate interfaces for synchronizing sessions
Changing HA Group ID Best practice guide to changing the group-id in a HA Cluster
HA Direct How to send messages (logs,snmp,radius) directly from HA management interface
Changing Heart Beat timers How to modify HA Heart Beat timers

 

Troubleshooting (Technical Tip)
Title Description
LACP in a HA Cluster The behavior of LACP in an HA cluster
HA Cluster Synchronization Troubleshoot HA synchronization issue when the cluster is out of sync
HA Route table Synchronization How a FortiGate HA cluster synchronizes routing table updates between cluster units
HA Virtual MAC How to verify the MAC addresses assigned to FortiGate interfaces
Changing HA Role in a cluster Different methods to promote the role of subordinate to primary in a HA cluster
Force HA failover How to trigger a manual HA failover 
HA Failover - memory utilization Ha failover triggered due to memory utilization
HA Uptime  Verify uptime of units in HA Cluster
HA Revert to previous firmware  How to downgrade to a previous firmware
Rebuild HA cluster How to rebuild an HA cluster
HA heartbeat lost neighbor Trouble HA heartbeat issues
HA Logs Required for troubleshooting Logs required by TAC for troubleshooting HA issues
Troubleshooting Tip: HA troubleshooting information for TAC tickets This article describes advanced troubleshooting for the High Availability Cluster and collects information to deliver to Fortinet TAC for a support ticket.
10086
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.