Chapter 9 High Availability for FortiOS 5.0 : HA and failover protection : NAT/Route mode active-passive cluster packet flow : Packet flow from web server to client
  
Packet flow from web server to client
1. When the web server responds to the client’s packet, the cluster external interface IP address (172.20.120.141) is recognized as the gateway to the internal network.
2. The web server issues an ARP request to 172.20.120.141.
3. The primary unit intercepts the ARP request, and responds with the external virtual MAC address (MAC_V_ext) which corresponds its IP address of 172.20.120.141.
4. The web server then sends response packets to the primary unit external interface.
 
IP address
MAC address
Source
172.20.120.130
MAC_Server
Destination
172.20.120.141
MAC_V_ext
5. The primary unit processes the packet.
6. The primary unit forwards the packet from its internal interface to the client.
 
IP address
MAC address
Source
172.20.120.130
MAC_V_int
Destination
10.11.101.10
MAC_Client
7. The primary unit continues to process packets in this way unless a failover occurs.