System config
HA
FortiGate-500A Administration Guide
01-28006-0100-20041105
87
Mode
All members of the HA cluster must be set to the same HA mode.
Group ID
The group ID range is from 0 to 63. All members of the HA cluster must have the
same group ID.
When the FortiGate units in the cluster are switched to HA mode, all of the interfaces
of all of the units in the cluster acquire the same virtual MAC address. This virtual
MAC address is set according to the group ID.
Table 3
lists the virtual MAC address
set for each group ID.
If you have more than one HA cluster on the same network, each cluster should have
a different group ID. If two clusters on the same network have the same group ID, the
duplicate MAC addresses cause addressing conflicts on the network.
Unit Priority
Optionally set the unit priority of the cluster unit. Each cluster unit can have a different
unit priority (the unit priority is not synchronized among cluster members). During HA
negotiation, the unit with the highest unit priority becomes the primary cluster unit. The
unit priority range is 0 to 255. The default unit priority is 128.
You can use the unit priority to control the order in which cluster units become the
primary cluster unit when a cluster unit fails. For example, if you have three
FortiGate-3600s in a cluster you can set the unit priorities as shown in
Table 4
.
Cluster unit A will always be the primary cluster unit because it has the highest priority.
If cluster unit A fails, cluster unit B becomes the primary cluster unit because cluster
unit B has a higher unit priority than cluster unit C.
Active-Active
Load balancing and failover HA. Each cluster unit actively processes
connections and monitors the status of the other FortiGate units in the cluster.
The primary FortiGate unit in the cluster controls load balancing among all of
the cluster units.
Active-Passive
Failover HA. The primary FortiGate unit in the cluster processes all
connections. All other FortiGate units in the cluster passively monitor the
cluster status and remain synchronized with the primary FortiGate unit.
Table 3: HA group ID and MAC address
Group ID
MAC Address
0
00-09-0f-06-ff-00
1
00-09-0f-06-ff-01
2
00-09-0f-06-ff-02
3
00-09-0f-06-ff-03
…
...
63
00-09-0f-06-ff-3f
Summary of Contents for FortiGate FortiGate-500A
Page 24: ...24 01 28006 0100 20041105 Fortinet Inc Customer service and technical support Introduction...
Page 46: ...46 01 28006 0100 20041105 Fortinet Inc Changing the FortiGate firmware System status...
Page 72: ...72 01 28006 0100 20041105 Fortinet Inc FortiGate IPv6 support System network...
Page 80: ...80 01 28006 0100 20041105 Fortinet Inc Dynamic IP System DHCP...
Page 110: ...110 01 28006 0100 20041105 Fortinet Inc FortiManager System config...
Page 116: ...116 01 28006 0100 20041105 Fortinet Inc Access profiles System administration...
Page 134: ...134 01 28006 0100 20041105 Fortinet Inc Shutdown System maintenance...
Page 248: ...248 01 28006 0100 20041105 Fortinet Inc CLI configuration Users and authentication...
Page 324: ...324 01 28006 0100 20041105 Fortinet Inc CLI configuration Antivirus...
Page 386: ...386 01 28006 0100 20041105 Fortinet Inc Glossary...
Page 394: ...394 01 28006 0100 20041105 Fortinet Inc Index...