Do you have the flip timeout variable set?
"set pingserver-flip-timeout"
But no, I have not seen any issues with HA failover due to remote-target being unreachable. We like to set a high threshold to avoid premature failover due to a glitch or bump in our network.
Ken
PCNSE
NSE
StrongSwan
Hi Ken,
Ok, thanks for the feedback - yes, we have tried it with the Flip Timeout set too - but our problem is that it takes several minutes to fail over once the target is down. And that does not make any sense to me, since our timers should mean it should fail over in approx 9 seconds. We have a TAC case open and waiting...
Thanks, Moby
IIRC link monitor had some issues back in v5.2.x, maybe this rolled into 5.4.x ;)
Did you do any base-level diagnostics, and if so, what did it state?
diag sys link-monitor interface <interface name >
Also, did you execute log display and look for the sys event at the failure?
e.g.
execute log filter cat 1
execute log display
Ken
PCNSE
NSE
StrongSwan
Hi Ken,
I did use diag sys link monitor, and it took a long time for the link monitor to go to the die state. Thanks for the log filter and log display tip - that is a new one which I didn't know existed, should be useful.
Moby.
Hi Again,
A correction on my last post. The link monitor does go to the die state, but this does not trigger a failover. Seems to be broken in 5.4.8 and 5.6.3 - running 2X 1500D 5.4.8 and two 2X 500E 5.6.3 - not working on both. Had a session with the TAC and now waiting for feedback.
Moby.
I had a similar problem. Did you manage to resolve it?
Best regards...
Created on 04-20-2018 08:05 AM
If you use dynamic routing, I recommend configuring graceful restart for dynamic routing failover with route wait.
You should also increase the HA route time to live:
config system ha
    set route-ttl 60
    set route-wait 60
    set route-hold 60
end
Best regards.
Armando
Hi,
Fortinet TAC tell me that it is a bug for 5.4.8 and 5.6.3 - so currently waiting to find out when it will be fixed and then to confirm this.
Moby
You don't even know if a bug report exists already. Or did you see this in one of the release notes as a known issue? If a bug report doesn't exist, it wouldn't be fixed in at least the next releases (5.6.4 is expected next week). Please open a ticket with TAC and get a bug report created if not yet.