FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hlngan
Staff
Staff
Article Id 192433
Description
This article describes how virtual servers load balancing showing wrong status when failover within a short time.

Solution
This is an expected behavior:

In the active-standby mode, if the primary server went down, FortiOS will not forward any traffic to it for 5 minutes based on the holddown_interval default value.
This value prevents any flapping issues (if a server goes up and down frequently).
Server A as master: x.x.x.x
Server B as standby: y.y.y.y
From the 1 up status and 1 down status within the load balance monitor.
x.x.x.x:80 Up Active 4 0 <1 second(s) 0 B
y.y.y.y:80 Down Standby 1 0 <1 second(s) 0 B
When Server A is down:
x.x.x.x:80 Down Active 5 0 <1 second(s) 0 B
y.y.y.y:80 Up Active 2 0 <1 second(s) 0 B
When Server A bring up (within the holddown_interval :(
x.x.x.x:80 Down Active 8 0 <1 second(s) 0 B
y.y.y.y:80 Up Active 4 0 <1 second(s) 0 B
If  Server A is brought up after holddown_interval :
x.x.x.x:80 Up Active 6 0 <1 second(s) 0 B
y.y.y.y:80 Down Standby 3 0 <1 second(s) 0 B
It is possible to lower the holddown_interval for the testing (default is 5 minutes, lower it to 30 second the least).
# config firewall vip
    edit <vserver>
    # config realservers
        edit 1
            set holddown-interval <x>          <----- Where x is the seconds for the hold down.
        next
    edit 2
        set holddown-interval <x>              <----- Where x is the seconds for the hold down.
    next
end

Contributors