Configuring the primary unit for HA operation
The following procedure describes how to prepare a FortiMail unit for HA operation as the primary unit according to
Figure 16.
Before beginning this procedure, verify that you have completed the required preparations described in
“Example: Active-passive HA group in gateway mode”.
To configure the primary unit for HA operation
1. Connect to the web‑based manager of the primary unit at https://192.168.1.5/admin.
2. Go to System > Network.
3. Configure port 6 to 10.0.0.2/255.255.255.0 and port 6 to 10.0.1.2/255.255.255.0.
4. Go to System > High Availability > Configuration.
5. Configure the following:
HA Configuration section | . |
| Mode of operation | master |
| On failure | wait for recovery then assume slave role |
| Shared password | change_me |
Backup options section | |
| Backup mail data directories | enabled |
| Backup MTA queue directories | disabled |
Advanced options section | |
| HA base port | 2000 |
| Heartbeat lost threshold | 15 seconds |
| Remote services as heartbeat | disabled |
Interface section | |
| Interface | port6 |
| Enable port monitor | Enabled |
| Heartbeat status | Primary |
| Peer IP address | 10.0.0.4 |
| Interface | port5 |
| Enable port monitor | Enabled |
| Heartbeat status | Secondary |
| Peer IP address | 10.0.1.4 |
| Virtual IP Address | |
| port1 | Ignore |
| port2 | Ignore |
| port3 | Set 172.16.1.2/255.255.255.0 |
| port4 | Ignore |
| port5 | Ignore |
| port6 | Ignore |
6. Click Apply.
The FortiMail unit switches to active-passive HA mode, and, after determining that there is no other primary unit, sets its effective HA operating mode to master. The virtual IP 172.16.1.2 is added to port3; if not already complete, configure DNS records and firewalls to route email traffic to this virtual IP address, not the actual IP address of the port3 network interface.
7. To confirm that the FortiMail unit is acting as the primary unit, go to System > High Availability > Status and compare the Configured Operating Mode and Effective Operating Mode. Both should be master.
If the effective HA operating mode is not master, the FortiMail unit is not acting as the primary unit. Determine the cause of the failover, then restore the effective operating mode to that matching its configured HA mode of operation.