48 01-28005-0026-20041101 Fortinet Inc.
Configuring FortiGate units for HA operation High availability installation
Group ID
The group ID range is from 0 to 63. All members of the HA cluster must have the
same group ID.
When the FortiGate units in the cluster are switched to HA mode, all of the
interfaces of all of the units in the cluster get the same virtual MAC address. This
virtual MAC address is set according to the group ID.
Group ID MAC Address
0
1
2
…
63
00-09-0f-06-ff-00
00-09-0f-06-ff-01
00-09-0f-06-ff-02
...
00-09-0f-06-ff-3f
If you have more than one HA cluster on the same network, each cluster should
have a different group ID. If two clusters on the same network have same group ID,
the duplicate MAC addresses cause addressing conflicts on the network.
Unit
priority
The unit with the highest priority becomes the primary unit in the cluster. The unit
priority range is 0 to 255. The default unit priority is 128.
Set the unit priority to a higher value if you want the FortiGate unit to be the primary
cluster unit. Set the unit priority to a lower value if you want the FortiGate unit to be
a subordinate unit in the cluster. If all units have the same priority, the FortiGate
unit with the highest serial number becomes the primary cluster unit.
Override
Master
You can configure a FortiGate unit to always become the primary unit in the cluster
by giving it a high priority and by selecting Override master.
Schedule
The schedule controls load balancing among the FortiGate units in the active-
active HA cluster. The schedule must be the same for all units in the cluster.
None No load balancing. Select None when the cluster interfaces are
connected to load balancing switches.
Hub Load balancing for hubs. Select Hub if the cluster interfaces are
connected to a hub. Traffic is distributed to units in a cluster
based on the Source IP and Destination IP of the packet.
Least
Connection
Least connection load balancing. If the FortiGate units are
connected using switches, select Least connection to distribute
traffic to the cluster unit with the fewest concurrent connections.
Round Robin Round robin load balancing. If the FortiGate units are connected
using switches, select round robin to distribute traffic to the next
available cluster unit.
Weighted
Round Robin
Weighted round robin load balancing. Similar to round robin, but
weighted values are assigned to each of the units in a cluster
based on their capacity and on how many connections they are
currently processing. For example, the primary unit should have a
lower weighted value because it handles scheduling and forwards
traffic. Weighted round robin distributes traffic more evenly
because units that are not processing traffic will be more likely to
receive new connections than units that are very busy.
Random Random load balancing. If the FortiGate units are connected
using switches, select random to randomly distribute traffic to
cluster units.
IP Load balancing according to IP address. If the FortiGate units are
connected using switches, select IP to distribute traffic to units in
a cluster based on the Source IP and Destination IP of the
packet.
IP Port Load balancing according to IP address and port. If the FortiGate
units are connected using switches, select IP Port to distribute
traffic to units in a cluster based on the Source IP, Source Port,
Destination IP, and Destination port of the packet.
Table 10: High availability settings (Continued)
To Next Page
Loading...
Need help?
General