Running an active-passive Fortigate cluster and OS 5.4.8 - we need to have remote link failover working so that if a ping target cannot be reached x times then the cluster fails over. We cannot make any sense of the results: when the ping target fails, the cluster takes several minutes to fail over, and this has no relation to our timers. Has anyone else seen strange results like this? Is anyone else running it with good, predictable and reliable results? If so, in which firmware version? The config for HA and link-monitor is below:
config system ha
    set group-name "xxxxxxx"
    set mode a-p
    set password ENC xxxxxxx
    set hbdev "port1" 100 "port2" 50
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt1"
    set ha-mgmt-interface-gateway 10.200.254.250
    set override enable
    set priority 200
    set monitor "port16" "port40"
    set pingserver-monitor-interface "port20"
    set pingserver-failover-threshold 5
config system link-monitor
    set srcintf "port20"
    set server "10.10.10.1"
    set interval 3
    set timeout 3
    set failtime 3
    set recoverytime 3
    set ha-priority 10
Any feedback appreciated.
OK, thanks for the feedback - yes, we have tried it with the Flip Timeout set too - but our problem is that it takes several minutes to fail over once the target is down. And that does not make any sense to me, since our timers should mean it should fail over in approx 9 seconds. We have a TAC case open and waiting...
I did use diag sys link monitor, and it took a long time for the link monitor to go to the die state. Thanks for the log filter and log display tip - that is a new one which I didn't know existed, should be useful.
A correction on my last post. The link monitor does go to the die state, but this does not trigger a failover. Seems to be broken in 5.4.8 and 5.6.3 - running 2X 1500D 5.4.8 and two 2X 500E 5.6.3 - not working on both. Had a session with the TAC and now waiting for feedback.
You don't even know if a bug report exists already. Or did you see this in one of the release notes as a known issue? If a bug report doesn't exist, it wouldn't be fixed with at least the next releases (5.6.4 is expected next week). Please open a ticket with TAC and get a bug report created if not yet.