How does FortiGate HA work?

ByEditor

How does FortiGate HA work?

Essentially, HA functions similar to VRRP, but one of the main differences is that you absolutely must have two same FortiGate models to achieve HA. When you join your firewalls to a cluster they will sync their configurations and function as one device, providing failover and load balancing the traffic if needed.

What is HA cluster in FortiGate?

A FortiGate HA cluster consists of two to four FortiGate’s configured for HA operation. Each FortiGate in a cluster is called a cluster unit. All cluster units must be the same FortiGate model with the same FortiOS firmware build installed.

How do you perform a failover in FortiGate?

To failover traffic from Primary Fortigate firewall to standby just change the priotiy of the firewall. Details are mentioned with an example. To do this from GUI, navigate to Config > HA, click the edit icon and change the firewall priority.

What is monitor interface FortiGate HA?

Monitoring an interface means that the interface is connected to a high priority network. So, if the link that the primary unit has to a high priority network fails, to maintain traffic flow to and from this network, the cluster must select a different primary unit.

How do I check my VRRP status in FortiGate?

set status enable

  1. # config system interface.
  2. edit port2.
  3. set vrrp-virtual-mac enable.
  4. config vrrp.
  5. edit 5.
  6. set vrgrp 360 …must be in the range of 1-65535.
  7. set vrip 10.31.101.120.
  8. set priority 50.

How do I disable HA in FortiGate?

Once the FortiGate unit is disconnected you can use SSH, telnet, HTTPS, or HTTP to connect to and manage the FortiGate unit.

  1. Syntax. execute ha disconnect Disconnect from HA cluster.
  2. Serial number. The serial number of the cluster unit to be disconnected.
  3. Interface name. The name of the interface to configure.
  4. Example.

What is heartbeat interface in FortiGate?

A heartbeat interface is an Ethernet network interface in a cluster that is used by the FGCP for HA heartbeat communications between cluster units. To change the HA heartbeat configuration go to System > HA and select the FortiGate interfaces to use as HA heartbeat interfaces.

How do you break HA FortiGate?

1) Disable HA Auto-grouping from CLI of the FortiAnalyzer. 2) Now remove/delete the serial numberof the FortiGate-Cluster-A. 3) Now if that removed serial number is continuously logging to FortiAnalyzer then it should show up under unauthorized devices in Root ADOM.

How do I monitor FortiGate?

To enable interface monitoring From the GUI, go to System > HA and add interfaces to the Monitor Interfaces list. With interface monitoring enabled, during FortiGate-7000E cluster operation, the cluster monitors each FIM in the cluster to determine if the monitored interfaces are operating and connected.

What is VRRP priority?

The VRRP priority must express how efficiently a VRRP router would perform as a backup to a virtual router defined in the VRRP router. If there are multiple backup VRRP routers for the virtual router, the priority determines which backup VRRP router is assigned as master if the current master fails.