Question on FortiGate HA

satavkupa · ‎09-19-2023

Is it mandatory that replication must be active all the time between primary/active fortigate and secondary/passive fortigate?

If so, why the memory usage and other details are not in sync on both devices? Please explain with some examples. Thank you!

omegle xender

jiyong · ‎09-19-2023

Hi satavkupa.

The following are requirements for setting up an HA cluster (FGCP) or FGSP peers.

Cluster members must have:
The same model.
The same hardware configuration.
The same connections.
The same generation.
+ https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/946059/troubleshoot-an-ha-fo...

Please check if the above conditions are met. Also, when synchronizing between two devices, in-sync may not work because the checksums do not match.

# diag sys ha checksum list <- Compare and check this part on each device.

Please refer to this.
+ https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-HA-synchronization-issue-cluster-out...

Thanks.

jiyong · ‎09-19-2023

When clustered, CPU/memory, etc. are individual hardware, so Primary and Secondary each have information.

Typically, the Session and Config are synchronized.

dsrivastava · ‎09-20-2023

Hi,
FortiGate HA clusters prioritize redundancy, high availability, and load balancing of network traffic over the synchronization of CPU and memory usage.
Each unit in the cluster manages its own resources independently to ensure optimal performance and failover capabilities.

hbac · ‎09-20-2023

Hi @satavkupa,

In HA active/passive scenario, only the primary unit handles the traffic and inspections. Hence it's CPU/memory usage is expected to be higher than the secondary. I hope that answers your question.

Regards,