Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heyyo
Contributor

A-A FortiGate Cluser, Failover during Conserve mode

Will below commands be applicable to HA Active Active Cluster for it to failover during conserve mode?

 

config system ha
    set memory-based-failover enable
    set memory-failover-threshold 62
    set memory-failover-monitor-period 300
    set memory-failover-sample-rate 1
    set memory-failover-flip-timeout 6
end

 

Reference: FortiGate HA failover due to memory utili... - Fortinet Community

3 REPLIES 3
ymorohashi
Staff
Staff

the feature is HA unique and works independently.
Many defensive mechanism like new session drop will be trigered once system enter conserve mode.

So It will be better to set the threashold in memory beased failover less than "Red" of conserve mode.

In coserve mode configuration, Red: 88% of total memory

Please see the below.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes-in-FortiGate-5-6-and...

Thanks

heyyo

Thanks for the reply.

 

It can be confirmed that this HA Failover feature during conserve mode is also applicable to A-A HA cluster right?

 

Meaning should the memory-based-failover be enabled, and the threshold has been met, then the all proxy-based traffic inspection, including all other traffic, will be failed over the second unit.

 

Is this correct?

 

 

 

ymorohashi

It also works for A-A but not all session will be handled by secondary unit.

It depend on your configuration.

In default only TCP sessions will be sync to another unit.

UDP/ICMP are sync by enabling session-pickup-connectionless in "config system ha"

 

Too say more, sessions controlled by a policy with UTM feature is not target of session sync.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors