Sub-second failover

On FortiGate models 395xB and 3x40B HA link failover supports sub-second failover (that is a failover time of less than one second). Sub-second failover is available for interfaces that can issue a link failure system call when the interface goes down. When an interface experiences a link failure and sends the link failure system call, the FGCP receives the system call and initiates a link failover.

For interfaces that do not support sub-second failover, port monitoring regularly polls the connection status of monitored interfaces. When a check finds that an interface has gone down, port monitoring causes a link failover. Sub-second failover results in a link failure being detected sooner because the system doesn’t have to wait for the next poll to find out about the failure.

Sub-second failover can accelerate HA failover to reduce the link failover time to less than one second under ideal conditions. Actual failover performance may be vary depending on traffic patterns and network configuration. For example, some network devices may respond slowly to an HA failover.

No configuration changes are required to support sub-second failover. However, for best sub-second failover results, the recommended heartbeat interval is 100ms and the recommended lost heartbeat threshold is 5 (see Modifying heartbeat timing).

config system ha

set hb-lost-threshold 5

set hb-interval 1


For information about how to reduce failover times, see Failover performance.