Monitor priorities, Configuring an ha cluster – Fortinet 100A User Manual
Page 90
90
01-28007-0068-20041203
Fortinet Inc.
Configuring an HA cluster
System config
Monitor priorities
Monitor priorities and link failover is not supported for the internal interface.
Enable or disable monitoring a FortiGate interface to verify that the interface is
functioning properly and connected to its network. If a monitored interface fails or is
disconnected from its network the interface leaves the cluster. The cluster reroutes
the traffic being processed by that interface to the same interface of another cluster
unit in the cluster that still has a connection to the network. This other cluster unit
becomes the new primary cluster unit.
If you can re-establish traffic flow through the interface (for example, if you re-connect
a disconnected network cable) the interface rejoins the cluster. If Override Master is
enabled for this FortiGate unit (see
), this FortiGate unit
becomes the primary unit in the cluster again.
Increase the priority of interfaces connected to higher priority networks or networks
with more traffic. The monitor priority range is 0 to 512.
If a high priority interface on the primary cluster unit fails, one of the other units in the
cluster becomes the new primary unit to provide better service to the high priority
network.
If a low priority interface fails on one cluster unit and a high priority interface fails on
another cluster unit, a unit in the cluster with a working connection to the high priority
interface would, if it becomes necessary to negotiate a new primary unit, be selected
instead of a unit with a working connection to the low priority interface.
Configuring an HA cluster
Use the following procedures to create an HA cluster consisting of two or more
FortiGate units. These procedures describe how to configure each of the FortiGate
units for HA operation and then how to connect the FortiGate units to form a cluster.
Once the cluster is connected you can configure it in the same way as you would
configure a standalone FortiGate unit.
To configure a FortiGate unit for HA operation
Each FortiGate unit in the cluster must have the same HA configuration. Use the
following procedure to configure each FortiGate unit for HA operation.
Note: Only monitor interfaces that are connected to networks.
Note: You can monitor physical interfaces, but not VLAN subinterfaces.
Note: The following procedure does not include steps for configuring interface heartbeat
devices and interface monitoring. Both of these HA settings should be configured after the
cluster is up and running.