Configuring service-based failover
Go to System > High Availability > Configuration to configure remote service monitoring, local network interface monitoring, and local hard drive monitoring.
| Service monitoring is not available for config-only HA groups. |
HA service monitoring settings are not synchronized and must be configured separately on each primary and secondary unit.
With remote service monitoring, the secondary unit confirms that it can connect to the primary unit over the network using SMTP service, POP service (POP3), and Web service (HTTP) connections. If you configure the HA pair in server mode, the IMAP service can also be checked.
With local network interface monitoring and local hard drive monitoring, the primary unit monitors its own network interfaces and hard drives.
If service monitoring detects a failure, the effective HA operating mode of the primary unit switches to
off or
failed (depending on the
On failure setting) and, if configured, the FortiMail units send HA event alert email, record HA event log messages, and send HA event SNMP traps.A failover then occurs, and the effective HA operating mode of the secondary unit switches to
master. For information on the
On failure option, see
“Configuring the HA mode and group”. For information on the effective HA operating mode, see
“Monitoring the HA status”.
Remote service monitoring can be effective to configure in addition to, or sometimes as a backup alternative to, the heartbeat. While the heartbeat tests for the general responsiveness of the primary unit, it does not test for the failure of individual services which email users may be using such as POP3 or webmail. The heartbeat also does not monitor for the failure of network interfaces through which non-heartbeat traffic occurs. In this way, configuring remote service monitoring provides more specific failover monitoring. Additionally, if the heartbeat link is briefly disconnected, enabling HA services monitoring can prevent a false failover by acting as a temporary secondary heartbeat. For information on treating service monitoring as a secondary heartbeat, see
“Remote services as heartbeat”.
To access this part of the web UI, your administrator account’s:
• Domain must be System
• access profile must have Read or Read-Write permission to the Others category
To configure service monitoring
1. Go to System > High Availability > Configuration.
2. Select master or slave as the mode of operation.
3. Expand the service monitor area, if required.
4. Select a row in the table and click Edit to configure it.
5. For Remote SMTP, Remote IMAP, Remote POP, and Remote HTTP services, configure the following:
GUI item | Description |
Enable | Select to enable connection responsiveness tests for SMTP. |
Name | Displays the service name. |
Remote IP | Enter the peer IP address. |
Port | Enter the port number of the peer SMTP service. |
Timeout | Enter the timeout period for one connection test. |
Interval | Enter the frequency of the tests. |
Retries | Enter the number of consecutively failed tests that are allowed before the primary unit is deemed unresponsive and a failover occurs. |
6. For interface monitoring and local hard drive monitoring, configure the following:
GUI item | Description |
Enable | Enable local hard drive monitoring to check if the local hard drive is still accessible, or if the mail data disk is almost full. If the hard disk is not responsive, or if the mail data disk is 95 percent full, a failover will occur. Interface monitoring is enabled when you configure interface monitoring. See “Configuring interface monitoring”. Network interface monitoring tests all active network interfaces whose: • Virtual IP action setting is not Ignore • Configuring interface monitoring setting is enabled |
Interval | Enter the frequency of the test. |
Retries | Specify the number of consecutively failed tests that are allowed before the local interface or hard drive is deemed unresponsive and a failover occurs. |