1) If the override is disabled on a FortiGate running in HA A-P mode, after the active FGT reboots and comes up, it will remain as the current secondary, and traffic will be handled by the new active FGT.
2) A secondary FGT will take 1.2 seconds to understand that the primary FGT has failed. FortiGates assume the other FortiGate has failed if they don't receive a heartbeat packet from a cluster unit for six times 200 = 1200 milliseconds (1.2 seconds).
3) There is no synchronization of UDP and ICMP sessions by default, so UDP and ICMP sessions will go down. To enable failover of UDP and ICMP sessions, kindly use the following commands:
   config system ha
   set session-pickup-connectionless enable
   end
   http://docs.fortinet.com/document/fortigate/6.0.0/handbook/595772/tcp-udp-icmp-and-multicast-session...
4) Since the BGP daemon works only on the master unit, the BGP peering sessions (port 179) will need to be re-established on the slave unit after failover, while ICMP sessions will remain active on both the new master and the old slave until the peering is re-established on the new master.
5) After failover, all BGP routes (get router info routing-table bgp) will be removed on the old master and will be re-established once BGP peering is re-established on the new master unit.
6) IPsec sessions with port 500 exist only on the master. After failover, this session will be seen on both the new master and the old slave unit until the BGP peering session (port 179) is established on the new master unit. Once the BGP session is re-established on the new master unit, the IPsec session with port 500 will disappear on the old slave unit.
7) In order to minimize the route learning time, you can configure the following:
   - BGP: set the keepalive xx + holdtime timer xx
   - HA: config: set route-ttl 200
   - Enabling "graceful restart" on the Spoke and HUB
8) For better detection of failover, we can configure link monitors in HA.
9) In all collaboration, we can achieve a very quick failover, and the only time it takes for the slave to become a master is when the traffic is being affected.
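
The following is an added example, not part of the original post or of Fortinet's tooling: a small Python audit that reads a FortiGate configuration backup and reports the HA settings discussed above (heartbeat detection time, connectionless session pickup, route-ttl, override). It assumes hb-interval is expressed in units of 100 ms with defaults of 2 and 6, matching the 6 x 200 ms figure in item 2; the sample configuration is constructed.

```python
import re

# Assumed defaults, consistent with the post: 6 missed heartbeats x 200 ms.
# hb-interval is treated as a count of 100 ms units (assumption of this example).
DEFAULTS = {"hb-interval": "2", "hb-lost-threshold": "6",
            "session-pickup-connectionless": "disable", "override": "disable"}

def parse_ha(config_text):
    """Return the top-level 'set' values inside the 'config system ha' block."""
    settings, in_ha, depth = {}, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_ha:
            in_ha = (line == "config system ha")
        elif line.startswith("config "):
            depth += 1                      # nested sub-table, skip its values
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_ha(config_text):
    """Summarise the failover-relevant HA settings from the post."""
    ha = {**DEFAULTS, **parse_ha(config_text)}
    detect_ms = int(ha["hb-interval"]) * 100 * int(ha["hb-lost-threshold"])
    findings = []
    if ha["session-pickup-connectionless"] != "enable":
        findings.append("UDP/ICMP sessions are not synchronized and will drop on failover")
    if "route-ttl" not in ha:
        findings.append("route-ttl is not set explicitly")
    if ha["override"] == "enable":
        findings.append("override is enabled: item 1 (rebooted unit stays secondary) does not apply")
    return {"detect_ms": detect_ms, "findings": findings}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """
config system ha
    set mode a-p
    set hb-interval 2
    set hb-lost-threshold 6
    set override disable
    set route-ttl 200
end
"""

if __name__ == "__main__":
    print(audit_ha(SAMPLE))
```
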