Chapter 9 High Availability for FortiOS 5.0 : HA and failover protection
  
HA and failover protection
In FortiGate active-passive HA, the FortiGate Clustering Protocol (FGCP) provides failover protection. This means that an active-passive cluster can provide FortiGate services even when one of the cluster units encounters a problem that would result in complete loss of connectivity for a stand-aloneFortiGate unit. This failover protection provides a backup mechanism that can be used to reduce the risk of unexpected downtime, especially in a mission-critical environment.
The FGCP supports three kinds of failover protection. Device failover automatically replaces a failed device and restarts traffic flow with minimal impact on the network. Link failover maintains traffic flow if a link fails. Session failover resumes communication sessions with minimal loss of data if a device or link failover occurs.
This chapter describes how FGCP failover protection works and provides detailed NAT/Route and Transparent mode packet flow descriptions.
This chapter contains the following sections:
About active-passive failover
About active-active failover
Device failover
HA heartbeat and communication between cluster units
Cluster virtual MAC addresses
Synchronizing the configuration
Synchronizing kernel routing tables
Synchronizing IPsec VPN SAs
Link failover (port monitoring or interface monitoring)
Subsecond failover
Remote link failover
Session failover (session pick-up)
WAN optimization and HA
Failover and attached network equipment
Monitoring cluster units for failover
NAT/Route mode active-passive cluster packet flow
Transparent mode active-passive cluster packet flow
Failover performance