FortiGate-7000 supports a variation of active-passive FortiGate Clustering Protocol (FGCP) high availability between two identical FortiGate-7000s. With active-passive FortiGate-7000 HA, you create redundant network connections to two identical FortiGate-7000s and add redundant HA heartbeat connections. Then you configure the FIM interface modules for HA.The FGCP forms a cluster and selects a primary FortiGate-7000.
Example FortiGate-7040 HA configuration
The primary FortiGate-7000 processes all traffic. The backup FortiGate-7000 operates in hot standby mode. The FGCP synchronizes the configuration, active sessions, routing information, and so on to the backup FortiGate-7000. If the primary FortiGate-7000 fails, traffic automatically fails over to the backup FortiGate-7000.
The FGCP selects the primary FortiGate-7000 based on a number of criteria including the configured priority, the bandwidth, the number of FIM interface failures, and the number of FPM or FIM modules that have failed. As part of the HA configuration you assign each FortiGate-7000 a chassis ID and you can set the priority of each FIM interface module and configure module failure tolerances and link failure thresholds.