Sample Configuration:
# config system ha
set load-balance-all enable #<-- now, all TCP traffic is load-balanced.
FGT60D4613****** # show system ha
config system ha
set group-id 222
set group-name "HA-act-act"
set mode a-a
set password ENC ZVLZUjueG5Rb6kWYzsnMFElBWK7QIGwTNsPPxruyal3TJTm/4madjZRQTkEANVltgDMlYXy81yMcKBQiKqzG0wWk+dtXzEe7QWgrnVtBNnJLIYpm5XM+x1YtwEF64swA1QMVZN4msYFravJ4YtfClOt+M0q8PtvlCPprsTcs8JgOKCNTk/qL9WahaWFfyANY/9HbFQ==
set hbdev "dmz" 50 "wan2" 0
set override disable
set monitor "wan1"
set load-balance-all enable
end
How to Confirm Load-Balancing:
FGT60D4613****** # get system ha status
Model: FortiGate-60D
Mode: a-a
Group: 222
Debug: 0
ses_pickup: disable
load_balance: enable
load_balance_udp: disable
schedule: Round robin.
upgrade_mode: unset
master:128 FGT60D4613****** FGT60D4613****** 0
Slave :128 FGT60D4613****** FGT60D4613****** 1
number of vcluster: 1
vcluster 1: work 169.254.0.1
master:0 FGT60D4613******
Slave :1 FGT60D4613******
FGT60D4613****** # execute ha manage 1
FGT60D4613****** $ diag sniffer packet any "port 80" 4
interfaces=[any]
filters=[port 80]
44.973557 internal in 192.168.1.101.49672 -> 65.52.62.25.80: syn 3070985030
45.040951 internal in 192.168.1.101.49674 -> 199.27.79.175.80: syn 625644188
45.139591 wan1 out 172.17.97.66.49672 -> 65.52.62.25.80: syn 3070985030
45.139955 wan1 out 172.17.97.66.49674 -> 199.27.79.175.80: syn 625644188
45.140247 wan1 in 65.52.62.25.80 -> 172.17.97.66.49672: syn 2597438395 ack 3070985031
45.140471 wan1 in 199.27.79.175.80 -> 172.17.97.66.49674: syn 1315870843 ack 625644189
Conclusion: Packets are arriving (internal in) and leaving (wan1 out). The slave unit is therefore forwarding traffic -- i.e., load-balancing is occurring.
FGT60D4613****** # diag sys session list | grep ha_id=1
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
Conclusion: Sessions with ha_id=1 (the slave unit's HA ID) indicate that the session is being handled by the slave.
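The two checks above can be automated when the CLI output is saved to a file. The following is an added example, not Fortinet code: the function names are hypothetical, it assumes the verbosity-4 sniffer line layout shown above, and it assumes source NAT leaves the destination and TCP sequence number unchanged, as in that capture.

```python
import re
from collections import Counter

# Sniffer lines copied from the capture shown above (verbosity 4).
SNIFFER_SAMPLE = """\
44.973557 internal in 192.168.1.101.49672 -> 65.52.62.25.80: syn 3070985030
45.040951 internal in 192.168.1.101.49674 -> 199.27.79.175.80: syn 625644188
45.139591 wan1 out 172.17.97.66.49672 -> 65.52.62.25.80: syn 3070985030
45.139955 wan1 out 172.17.97.66.49674 -> 199.27.79.175.80: syn 625644188
45.140247 wan1 in 65.52.62.25.80 -> 172.17.97.66.49672: syn 2597438395 ack 3070985031
45.140471 wan1 in 199.27.79.175.80 -> 172.17.97.66.49674: syn 1315870843 ack 625644189
"""

# Constructed session-list excerpt; the ha_id=0 line is made up for contrast.
SESSION_SAMPLE = """\
ha_id=1 policy_dir=0 tunnel=/
ha_id=1 policy_dir=0 tunnel=/
ha_id=0 policy_dir=0 tunnel=/
"""

PKT = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+(?P<src>\S+)"
    r"\s+->\s+(?P<dst>[^:\s]+):\s+syn\s+(?P<seq>\d+)(?P<ack>\s+ack\s+\d+)?"
)

def forwarded_syns(text):
    """Pair each SYN seen 'in' with the same SYN seen 'out' on another interface."""
    seen_in, forwarded = {}, []
    for line in text.splitlines():
        m = PKT.match(line.strip())
        if not m or m.group("ack"):
            continue  # skip header lines, non-SYN packets and SYN/ACK replies
        key = (m.group("dst"), m.group("seq"))  # unchanged by source NAT here
        if m.group("dir") == "in":
            seen_in[key] = m.group("iface")
        elif key in seen_in and seen_in[key] != m.group("iface"):
            forwarded.append((seen_in[key], m.group("iface"), m.group("dst")))
    return forwarded

def sessions_per_ha_id(text):
    """Count session-list entries per HA member ID."""
    return Counter(int(v) for v in re.findall(r"\bha_id=(\d+)", text))

if __name__ == "__main__":
    for ingress, egress, dst in forwarded_syns(SNIFFER_SAMPLE):
        print(f"{ingress} -> {egress}: SYN to {dst} forwarded by this unit")
    print(dict(sessions_per_ha_id(SESSION_SAMPLE)))
```

An empty result from forwarded_syns on output captured on the slave, or a session count of zero for the slave's HA ID, means the unit is not carrying load-balanced traffic.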
Related Articles
Technical Tip: How to enable TCP load balance in HA with active-active mode
Copyright 2024 Fortinet, Inc. All Rights Reserved.