FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 1 - What's New for FortiOS 5.2 > High Availability

High Availability

New high availability features include:

DHCP and PPPOE Support for Active-Passive Mode

High Availability is now supported in Active-Passive mode when there are interfaces working in DHCP client or PPPOE client mode.

VRRP Support

Additional features have been added to support Virtual Router Redundancy Protocol (VRRP).

VRRP Groups

A VRRP group includes all the relevant VRRP IDs and tracks the VRRP status in order to force the status of all group members if a VRRP domain is changed from master to backup.

VRRP groups are configured through the CLI. The VRRP group ID can be between 1 and 65535.

Syntax

config system interface

edit <port>

config vrrp

edit <id>

set vrgrp <id>

end

end

 

A VRRP column has also been added to the interfaces list in the web-based manager that will show the VRRP ID, group, and status. This list can be found at System > Network > Interfaces.

Using a Second Destination IP (VRDST)

VRRP can now be configured with second destination IP (VRDST) for monitoring. When two IPs are used, VRRP failure will only be reported if both monitored IPs are down. A second VRDST can be configured using the CLI.

Syntax

config system interface

edit <interface>

config vrrp

edit <id>

set vrdst <ip1> <ip2>

end

end

Trigger Failover

HA failover can now be enabled and disabled using the following CLI commands:

  • diagnose sys ha set-as-master enable: immediately enables the local FortiGate unit as the HA master.
  • diagnose sys ha set-as-master disable: immediately disables this mode. Optionally, a time frame can be added after disable, which will disable the mode at the appointed time. The time format is yyyy-mm-dd hh:mm:ss.

Synchronizing a GTP Tunnel over Physical Ports

In order to properly handle GPRS Tunneling Protocol (GTP) synchronization under high stress loads, FortiOS 5.2 will use the interfaces set in set session-sync-dev (part of config system ha) to allow GTP tunnels to synchronize directly over physical ports when both the HA primary and secondary are up. A new diagnose command, diagnose firewall gtp hash-stat, has also been added to display GTP hash stat separately.

IPv6 Management Interface Gateway

IPv6 management interface gateways are now supported in FortiOS 5.2.

Syntax

config system ha

set ha-mgmt-interface-gateway6 <IPv6_address>

end

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy