Chapter 9 High Availability for FortiOS 5.0 : An introduction to the FGCP : Active-passive and active-active HA : Active-passive HA (failover protection)
  
Active-passive HA (failover protection)
An active-passive (A-P) HA cluster provides hot standby failover protection. An active‑passive cluster consists of a primary unit that processes communication sessions, and one or more subordinate units. The subordinate units are connected to the network and to the primary unit but do not process communication sessions. Instead, the subordinate units run in a standby state. In this standby state, the configuration of the subordinate units is synchronized with the configuration of the primary unit and the subordinate units monitor the status of the primary unit.
Active-passive HA provides transparent device failover among cluster units. If a cluster unit fails, another immediately take its place. See “Device failover”.
Active-passive HA also provides transparent link failover among cluster units. If a cluster unit interface fails or is disconnected, this cluster unit updates the link state database and the cluster negotiates and may select a new primary unit. See “Link failover (port monitoring or interface monitoring)” for more information.
If session failover (also called session pickup) is enabled, active-passive HA provides session failover for some communication sessions. See “Session failover (session pick-up)” for information about session failover and its limitations.
The following example shows how to configure a FortiGate unit for active-passive HA operation. You would enter the exact same commands on every FortiGate unit in the cluster.
config system ha
set mode a-p
set group-name myname
set password HApass
end