- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A-A FortiGate Cluser, Failover during Conserve mode
Will below commands be applicable to HA Active Active Cluster for it to failover during conserve mode?
config system ha
set memory-based-failover enable
set memory-failover-threshold 62
set memory-failover-monitor-period 300
set memory-failover-sample-rate 1
set memory-failover-flip-timeout 6
end
Reference: FortiGate HA failover due to memory utili... - Fortinet Community
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the feature is HA unique and works independently.
Many defensive mechanism like new session drop will be trigered once system enter conserve mode.
So It will be better to set the threashold in memory beased failover less than "Red" of conserve mode.
In coserve mode configuration, Red: 88% of total memory
Please see the below.
Thanks
Created on ‎07-18-2024 06:40 PM Edited on ‎07-18-2024 06:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply.
It can be confirmed that this HA Failover feature during conserve mode is also applicable to A-A HA cluster right?
Meaning should the memory-based-failover be enabled, and the threshold has been met, then the all proxy-based traffic inspection, including all other traffic, will be failed over the second unit.
Is this correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It also works for A-A but not all session will be handled by secondary unit.
It depend on your configuration.
In default only TCP sessions will be sync to another unit.
UDP/ICMP are sync by enabling session-pickup-connectionless in "config system ha"
Too say more, sessions controlled by a policy with UTM feature is not target of session sync.
![](/skins/images/EC12350B26E3A30E8BDB0075C9F4DA72/responsive_peak/images/icon_anonymous_message.png)