HA heartbeat & synchronization
You can group multiple FortiADC appliances together as a high availability (HA) cluster (see “Configuring a high availability (HA) FortiADC cluster”). The heartbeat traffic indicates to other appliances in the HA cluster that the appliance is up and “alive.”
Synchronization ensures that all appliances in the cluster remain ready to process traffic, even if you only change one of the appliances.
Heartbeat and synchronization traffic between cluster appliances occurs over the physical network ports selected in Heartbeat Interface. HA traffic uses multicast UDP on port numbers 6065 (heartbeat) and 6056 (synchronization). The HA multicast IP address is 239.0.0.1; it is hard-coded and cannot be configured.
Failover is triggered by any interruption to either the heartbeat or a port-monitored network interface that lasts longer than your configured limits (Detection Interval x Heartbeat Lost Threshold). When the active (“main”) appliance becomes unresponsive, the standby appliance:
1. Notifies the network via ARP that the network interface IP addresses (including the IP address of the bridge, if any) are now associated with its virtual MAC addresses
2. Assumes the role of the active appliance and scans network traffic
To keep the standby appliance ready in case of a failover, HA pairs also use the heartbeat link to automatically synchronize most of their configuration. Synchronization includes:
• core CLI-style configuration file (fadc_system.conf)
• X.509 certificates, certificate request files (CSR), and private keys
• Layer 3 (IP) sessions, Layer 4 (e.g. TCP) connection state, and Layer 7 (e.g. HTTP) sessions
Synchronization occurs immediately when an appliance joins the cluster, and thereafter every 30 seconds. For a list of settings and data that are not synchronized, see “Data that is not synchronized by HA” and “Configuration settings that are not synchronized by HA”.
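The following Python sketch is an added example, not Fortinet code. It audits flow records for the HA traffic described above (UDP to 239.0.0.1 on ports 6065 and 6056), flagging HA packets seen outside the segments where you expect heartbeat links (synchronization carries private keys) and heartbeat gaps longer than Detection Interval x Heartbeat Lost Threshold. The record fields, segment names, addresses and the use of seconds for the interval are assumptions, and the sample records are constructed.

```python
# Added example: audit flow records for FortiADC HA multicast traffic.
HA_GROUP = "239.0.0.1"  # hard-coded HA multicast address (from the page)
HA_PORTS = {6065: "heartbeat", 6056: "synchronization"}  # UDP ports (from the page)

def flow(ts, segment, src, dport, dst=HA_GROUP, proto="udp"):
    """Build one flow record; this field layout is an assumption."""
    return {"ts": ts, "segment": segment, "src": src,
            "dst": dst, "proto": proto, "dport": dport}

def classify(rec):
    """Return 'heartbeat' or 'synchronization' for HA traffic, else None."""
    if rec["proto"] != "udp" or rec["dst"] != HA_GROUP:
        return None
    return HA_PORTS.get(rec["dport"])

def audit(records, allowed_segments, detection_interval_s, lost_threshold):
    """Flag HA traffic off the heartbeat segments and heartbeat gaps that
    exceed Detection Interval x Heartbeat Lost Threshold (in seconds here;
    convert from the unit your appliance is configured in)."""
    limit = detection_interval_s * lost_threshold
    findings, last_hb = [], {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        kind = classify(rec)
        if kind is None:
            continue  # not HA traffic
        if rec["segment"] not in allowed_segments:
            findings.append(("off-segment", kind, rec["src"], rec["segment"]))
        if kind == "heartbeat":
            prev = last_hb.get(rec["src"])
            if prev is not None and rec["ts"] - prev > limit:
                findings.append(("heartbeat-gap", rec["src"], round(rec["ts"] - prev, 3)))
            last_hb[rec["src"]] = rec["ts"]
    return findings

# Constructed sample records (documentation addresses, hypothetical segments).
SAMPLE = [
    flow(0.0, "ha-link", "192.0.2.1", 6065),
    flow(1.0, "ha-link", "192.0.2.1", 6065),
    flow(1.5, "ha-link", "192.0.2.1", 6056),
    flow(2.0, "server-vlan", "192.0.2.2", 6056),            # sync seen off-segment
    flow(3.0, "server-vlan", "192.0.2.9", 53),              # other port: ignored
    flow(4.0, "ha-link", "192.0.2.1", 6065, dst="198.51.100.7"),  # not multicast: ignored
    flow(9.0, "ha-link", "192.0.2.1", 6065),                # 8 s since last heartbeat
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"ha-link"}, 1.0, 3):
        print(finding)
```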