Managing an ha cluster – Fortinet 100A User Manual

94

01-28007-0068-20041203

Fortinet Inc.

Managing an HA cluster

System config

To configure weighted-round-robin weights

By default, in active-active HA mode the weighted round-robin schedule assigns the
same weight to each FortiGate unit in the cluster. If you configure a cluster to use the
weighted round-robin schedule, from the CLI you can use config system ha
weight to configure a weight value for each cluster unit. The weight value sets the

maximum number of connections that are sent to a cluster unit before a connection
can be sent to the next cluster unit. You can set weight values to control the number of
connections processed by each cluster unit. For example, you might want to reduce
the number of connections processed by the primary cluster unit by increasing the
weight assigned to the subordinate cluster units.

Weight values are entered as two values; the priority order of the unit in the cluster (in
the range 0 to 31) followed by its weight (also in the range 0 to 31). For example, if you
have a cluster of three FortiGate units, you can enter the following command to
configure the weight values for each unit:

config system ha

set ha weight 0 1 1 3 2 3
end

This command has the following results:

• The first connection is processed by the primary unit (priority 0, weight 1)
• The next three connections are processed by the first subordinate unit (priority 1,

weight 3)

• The next three connections are processed by the second subordinate unit (priority

2, weight 3)

The subordinate units process more connections than the primary unit, and both
subordinate units, on average, process the same number of connections.

Managing an HA cluster

The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual FortiGate units in the
cluster. You manage the cluster by connecting to the web-based manager using any
cluster interface configured for HTTPS administrative access. You can also manage
the cluster by connecting to the CLI using any cluster interface configured for SSH
administrative access.

You can also use SNMP to manage the cluster by configuring a cluster interface for
SNMP administrative access. Using an SNMP manager you can get cluster
configuration information and receive traps. For a list of HA MIB fields, see

“HA MIB

fields” on page 104

and

“FortiGate HA traps” on page 103

.

You can change the cluster configuration by connecting to the cluster and changing
the configuration of the primary FortiGate unit. The cluster automatically synchronizes
all configuration changes to the subordinate units in the cluster as the changes are
made.

The only configuration change that is not synchronized is the FortiGate host name.
You can give each cluster unit a unique host name to help to identify cluster members.