Operation mode | You must set the operation mode (gateway, transparent, or server) of each HA group member before configuring HA. |
Host name | The host name distinguishes members of the cluster. For details, see “Host name”. |
Static route | Static routes are not synchronized because the HA units may be in different networks (see “Configuring static routes”). |
Interface configuration (gateway and server mode only) | Each FortiMail unit in the HA group must be configured with different network interface settings for connectivity purposes. For details, see “Configuring the network interfaces”. Exceptions include some active-passive HA settings which affect the interface configuration for failover purposes. These settings are synchronized. For details, see “Virtual IP Address”. |
Management IP address (transparent mode only) | Each FortiMail unit in the HA group should be configured with different management IP addresses for connectivity purposes. For details, see “About the management IP”. |
SNMP system information | Each FortiMail unit in the HA group will have its own SNMP system information, including the Description, Location, and Contact. For details, see “Configuring the network interfaces”. |
RAID configuration | RAID settings are hardware-dependent and determined at boot time by looking at the drives (for software RAID) or the controller (hardware RAID), and are not stored in the system configuration. Therefore, they are not synchronized. |
Main HA configuration | The main HA configuration, which includes the HA mode of operation (such as master or slave), is not synchronized because this configuration must be different on the primary and secondary units. For details, see “Configuring the HA mode and group”. |
HA Daemon configuration | The following HA daemon settings are not synchronized: • Shared password • Backup mail data directories • Backup MTA queue directories You must add the shared HA password to each unit in the HA group. All units in the HA group must use the same shared password to identify the group. Since the mail data and MTA queue backup settings are not synchronized, to use this feature, you must enable it on both the master and slave units. For information about now to enable this feature, see “Configuring the backup options”. Synchronized HA daemon options that are active-passive HA settings affect how often the secondary unit tests the primary unit and how the secondary unit synchronizes configuration and mail data. Because HA daemon settings on the secondary unit control how the HA daemon operates, in a functioning HA group you would change the HA daemon configuration on the secondary unit to change how the HA daemon operates. The HA daemon settings on the primary unit do not affect the operation of the HA daemon. |
HA service monitoring configuration | In active-passive HA, the HA service monitoring configuration is not synchronized. The remote service monitoring configuration on the secondary unit controls how the secondary unit checks the operation of the primary unit. The local services configuration on the primary unit controls how the primary unit tests the operation of the primary unit. For details, see “Configuring service-based failover”. Note: You might want to have a different service monitoring configuration on the primary and secondary units. For example, after a failover you may not want service monitoring to operate until you have fixed the problems that caused the failover and have restarted normal operation of the HA group. |
Product name and icon | The product names and icons under System > Customization > Appearance are not synchronized. All other appearance settings are synchronized. |
Config-only HA | In config-only HA, the following settings are not synchronized: • the local domain name (see “Local domain name”) • default certificate • iSCSI initiator name • iSCSI ID for remote storage • SNMP settings • IP pools (see “Configuring IP pools”) • the quarantine report host name (see “Web release host name/IP”) • IBE settings of base URL, Help content URL, and About content URL • Centralized quarantine client IP address • Centralized IBE client IP address • User-level block/safe lists. But system and domain-level block/safe lists are synchronized. Note that before v5.0.2 release, domain-level block/safe lists are not automatically synchronized either. |