Will below commands be applicable to HA Active Active Cluster for it to failover during conserve mode?
config system ha
set memory-based-failover enable
set memory-failover-threshold 62
set memory-failover-monitor-period 300
set memory-failover-sample-rate 1
set memory-failover-flip-timeout 6
end
Reference: FortiGate HA failover due to memory utili... - Fortinet Community
the feature is HA unique and works independently.
Many defensive mechanism like new session drop will be trigered once system enter conserve mode.
So It will be better to set the threashold in memory beased failover less than "Red" of conserve mode.
In coserve mode configuration, Red: 88% of total memory
Please see the below.
Thanks
Created on 07-18-2024 06:40 PM Edited on 07-18-2024 06:42 PM
Thanks for the reply.
It can be confirmed that this HA Failover feature during conserve mode is also applicable to A-A HA cluster right?
Meaning should the memory-based-failover be enabled, and the threshold has been met, then the all proxy-based traffic inspection, including all other traffic, will be failed over the second unit.
Is this correct?
It also works for A-A but not all session will be handled by secondary unit.
It depend on your configuration.
In default only TCP sessions will be sync to another unit.
UDP/ICMP are sync by enabling session-pickup-connectionless in "config system ha"
Too say more, sessions controlled by a policy with UTM feature is not target of session sync.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.