Configuring the secondary unit for HA operation
The following procedure describes how to prepare a FortiMail unit for HA operation as the secondary unit according to
Figure 79.
Before beginning this procedure, verify that you have completed the required preparations described in
“Example: Active-passive HA group in gateway mode”. Also verify that you configured the primary unit as described in
“Configuring the primary unit for HA operation”.
To configure the secondary unit for HA operation
1. Connect to the web‑based manager of the secondary unit at https://192.168.1.6/admin.
2. Go to System > Network.
3. Configure port 6 to 10.0.0.4/255.255.255.0 and port 6 to 10.0.1.4/255.255.255.0.
4. Go to System > High Availability > Configuration.
5. Configure the following:
Main Configuration section | |
| Mode of operation | slave |
| On failure | wait for recovery then restore slave role |
| Shared password | change_me |
Backup options section | |
| Backup mail data directories | enabled |
| Backup MTA queue directories | disabled |
Advanced options section | |
| HA base port | 2000 |
| Heartbeat lost threshold | 15 seconds |
| Remote services as heartbeat | disabled |
Interface section | |
| Interface | port6 |
| Heartbeat status | primary |
| Peer IP address | 10.0.0.2 |
| Interface | port5 |
| Heartbeat status | secondary |
| Peer IP address | 10.0.1.2 |
| Virtual IP Address | (Configuration of the ports will be synchronized with the primary unit, and are therefore not required to be configured on the secondary unit.) |
| port1 | Ignore |
| port2 | Ignore |
| port3 | Set 172.16.1.2/255.255.255.0 |
| port4 | Ignore |
| port5 | Ignore |
| port6 | Ignore |
6. Click Apply.
The FortiMail unit switches to active-passive HA mode, and, after determining that the primary unit is available, sets its effective HA operating mode to slave.
7. Go to System > High Availability > Status.
8. Select click HERE to start a configuration/data sync.
The secondary unit synchronizes its configuration with the primary unit, including
“Virtual IP action” settings that configure the HA virtual IP that the secondary unit will adopt on failover.
9. To confirm that the FortiMail unit is acting as the secondary unit, go to System > High Availability > Status and compare the Configured Operating Mode and Effective Operating Mode. Both should be slave.
If the effective HA operating mode is not slave, the FortiMail unit is not acting as the secondary unit. Determine the cause of the failover, then restore the effective operating mode to that matching its configured HA mode of operation.
| If the heartbeat interfaces are not connected, the secondary unit cannot connect to the primary unit, and so the secondary unit will operate as though the primary unit has failed and will switch its effective HA operating mode to master. |
Figure 80:
When both primary unit and the secondary unit are operating in their configured mode, configuration of the active-passive HA group is complete. For information on managing both members of the HA group, see
“Administering an HA group”.