config : system ha
 
system ha
Use this command to configure the FortiWeb appliance to act as a member of a high availability (HA) cluster in order to improve availability.
By default, FortiWeb appliances are each a single, standalone appliance. They operate independently.
If you have purchased more than one, however, you can configure the FortiWeb appliances to form an active-passive high availability (HA) FortiWeb cluster. This improves availability so that you can achieve your service level agreement (SLA) uptimes regardless of, for example, hardware failure or maintenance periods.
 
If you have multiple FortiWeb appliances but do not need failover, you can still synchronize the configuration. This can be useful for cloned network environments and externally load-balanced active-active HA. See “config system conf-sync”.
HA requirements
Two identical physical FortiWeb appliances (i.e., the same hardware model and firmware version (for example, both appliances could be a FortiWeb‑3000C running FortiWeb ))
Redundant network topology: if the active appliance fails, physical network cabling and routes must redirect web traffic to the standby appliance
At least one physical port on both HA appliances connected directly, via crossover cables, or through switches
 
FortiWeb-VM now supports HA. However, if you do not wish to use the native HA, you can use your hypervisor or VM environment manager to install your virtual appliances over a hardware cluster to improve availability. For example, VMware clusters can use vMotion or VMware HA.
The style of FortiWeb HA is active-passive: one appliance is elected to be the active appliance (also called the primary, main, or master), applying the policies for all connections. The other is a passive standby (also called the secondary, standby, or slave), which assumes the role of the active appliance and begins processing connections only if the active appliance fails.
For more information on HA, including troubleshooting, failover behavior, synchronized data, and network topology, see the FortiWeb Administration Guide.
To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For more information, see “Permissions”.
Syntax
config system ha
    set mode {active‑passive | standalone}
    set group-id <group_int>
    [set group-name <pair‑name_str>]
    set priority <level_int>
    set override {enable | disable}
    set hbdev <interface_name>
    [set hbdev-backup <interface_name>]
    set hb-interval <milliseconds_int>
    set hb-lost-threshold <seconds_int>
    set arps <arp_int>
    set arp-interval <seconds_int>
    [set monitor {<interface_name> ...}]
    set boot-time <limit_int>
end
Variable
Description
Default
mode {active‑passive | standalone}
Select one of the following:
active-passive — Form an HA group with another FortiWeb appliance. The appliances operate together, with the standby assuming the role of the active appliance if it fails.
standalone — Operate each appliance independently.
Note: To avoid connectivity issues, do not use config system ha to remove an appliance from an HA cluster. Instead, use execute ha disconnect, which removes the appliance from the cluster and changes the HA mode to standalone.
Default: standalone
group-id <group_int>
Type a number that identifies the HA pair.
Both members of the HA pair must have the same group ID. If you have more than one HA pair on the same network, each HA pair must have a different group ID.
Changing the group ID changes the cluster’s virtual MAC address.
The valid range is 0 to 63.
Default: 0
group-name <pair‑name_str>
Type a name to identify the HA pair if you have more than one.
This setting is optional, and does not affect HA function.
The maximum length is 35 characters.
No default.
priority <level_int>
Type the priority of the appliance when electing the primary appliance in the HA pair. (On standby devices, this setting can be reconfigured using the CLI command execute ha manage.)
This setting is optional. The smaller the number, the higher the priority. The valid range is 0 to 9.
Note: By default, unless you enable override {enable | disable}, uptime is more important than this setting. For details, see the FortiWeb Administration Guide.
Default: 5
override {enable | disable}
Enable to make priority <level_int> a more important factor than uptime when selecting the primary appliance.
Default: disable
hbdev <interface_name>
Select the port on this appliance that the main and standby appliances will use to send heartbeat signals and synchronization data to each other (i.e., the HA heartbeat link). The maximum length is 15 characters.
Connect this port to the same port number on the other member of the HA cluster (e.g., if you select port3 for the primary heartbeat link, connect port3 on this appliance to port3 on the other appliance).
At least one heartbeat interface must be selected on each appliance in the HA cluster. Ports that currently have an IP address assigned for other purposes (that is, virtual servers or bridges) cannot be re-used as a heartbeat link.
Tip: If enough ports are available, you can select both a primary heartbeat interface and a secondary heartbeat interface (hbdev-backup <interface_name>) on each appliance in the HA pair to provide heartbeat link redundancy. (You cannot use the same port as both the primary and secondary heartbeat interface on the same appliance, as this is incompatible with the purpose of link redundancy.)
Note: If a switch is used to connect the heartbeat interfaces, the heartbeat interfaces must be reachable by Layer 2 multicast.
No default.
hbdev-backup <interface_name>
Select a secondary, standby port on this appliance that the main and standby appliances will use to send heartbeat signals and synchronization data between each other (i.e. the HA heartbeat link).
It must not be the same network interface as hbdev <interface_name>. The maximum length is 15 characters.
Connect this port to the same port number on the other member of the HA cluster (e.g., if you select port4 for the secondary heartbeat link, connect port4 on this appliance to port4 on the other appliance).
Ports that currently have an IP address assigned for other purposes (that is, virtual servers or bridges) cannot be re-used as a heartbeat link.
No default.
arps <arp_int>
Type the number of times that the FortiWeb appliance will broadcast address resolution protocol (ARP) packets when it takes on the main role. (Even though a new NIC has not actually been connected to the network, FortiWeb does this to notify the network that a different physical port has become associated with the IP address and virtual MAC of the HA pair.) This is sometimes called “using gratuitous ARP packets to train the network,” and can occur when the main appliance is starting up, or during a failover. Also configure arp-interval <seconds_int>.
Normally, you do not need to change this setting. Exceptions include:
Increase the number of times the main appliance sends gratuitous ARP packets if your HA pair takes a long time to fail over or to train the network. Sending more gratuitous ARP packets may help the failover to happen faster.
Decrease the number of times the main appliance sends gratuitous ARP packets if your HA pair has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them may generate a large amount of network traffic. As long as the HA pair still fails over successfully, you could reduce the number of times gratuitous ARP packets are sent to reduce the amount of traffic produced by a failover.
The valid range is 1 to 16.
Default: 3
arp-interval <seconds_int>
Type the number of seconds to wait between each broadcast of ARP packets.
Normally, you do not need to change this setting. Exceptions include:
Decrease the interval if your HA pair takes a long time to fail over or to train the network. Sending ARP packets more frequently may help the failover to happen faster.
Increase the interval if your HA pair has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them may generate a large amount of network traffic. As long as the HA pair still fails over successfully, you could increase the interval between when gratuitous ARP packets are sent to reduce the rate of traffic produced by a failover.
The valid range is from 1 to 20.
Default: 1
hb-interval <milliseconds_int>
Type the number of 100-millisecond intervals that sets the pause between each heartbeat packet that one FortiWeb appliance sends to the other FortiWeb appliance in the HA pair. This is also the amount of time that a FortiWeb appliance waits before expecting to receive a heartbeat packet from the other appliance.
This part of the configuration is synchronized between the active appliance and standby appliance.
The valid range is 1 to 20 (that is, between 100 and 2,000 milliseconds).
Note: Although this setting is synchronized between the main and standby appliances, you should initially configure both appliances with the same hb-interval <milliseconds_int> to prevent inadvertent failover from occurring before the initial synchronization.
Default: 1
hb-lost-threshold <seconds_int>
Type the number of times one of the HA appliances retries the heartbeat and waits to receive HA heartbeat packets from the other HA appliance before assuming that the other appliance has failed.
This part of the configuration is synchronized between the main appliance and standby appliance.
Normally, you do not need to change this setting. Exceptions include:
Increase the failure detection threshold if a failure is detected when none has actually occurred. For example, during peak traffic times, if the main appliance is very busy, it might not respond to heartbeat packets in time, and the standby appliance may assume that the main appliance has failed.
Reduce the failure detection threshold or detection interval if administrators and HTTP clients have to wait too long before being able to connect through the main appliance, resulting in noticeable down time.
The valid range is from 1 to 60.
Note: Although this setting is synchronized between the main and standby appliances, you should initially configure both appliances with the same hb-lost-threshold <seconds_int> to prevent inadvertent failover from occurring before the initial synchronization.
Note: You can use SNMP traps to notify you when a failover is occurring. For details, see “config system snmp community”.
Default: 3
monitor {<interface_name> ...}
Type the name of one or more network interfaces that each directly correlate with a physical link. These ports will be monitored for link failure.
Separate the name of each network interface with a space. To remove from or add to the list of monitored network interfaces, retype the entire list.
Port monitoring (also called interface monitoring) monitors physical network ports to verify that they are functioning properly and linked to their networks. If the physical port fails or the cable becomes disconnected, a failover occurs. You can monitor physical interfaces, but not VLAN subinterfaces or 4-port switches.
Note: To prevent an unintentional failover, do not configure port monitoring until you configure HA on both appliances in the HA pair, and have plugged in the cables to link the physical network ports that will be monitored.
No default.
boot-time <limit_int>
Type the maximum number of seconds that an appliance will wait for a heartbeat or synchronization connection after the appliance comes back online.
If this limit is exceeded, the appliance will assume that the other unit is unresponsive, and assume the role of the main appliance.
Because of the default heartbeat and synchronization intervals, as long as the HA pair is cabled directly together, the default value is usually sufficient. If the HA heartbeat link passes through other devices, such as routers and switches, however, a larger value may be needed. You may notice this especially when updating the firmware.
The valid range is from 1 to 100 seconds.
Default: 30
Example
This example configures a FortiWeb appliance as one appliance in an active-passive HA pair whose group ID is 1. The primary heartbeat occurs over port3, and the secondary heartbeat link is over port4. Priority is more important than uptime when electing the main appliance. The appliance will wait 30 seconds after boot time for a heartbeat or synchronization before assuming that it should be the main appliance. Aside from the heartbeat link, failover can also be triggered by port monitoring of port1 and port2.
config system ha
    set mode active-passive
    set group-id 1
    set priority 6
    set override enable
    set hbdev port3
    set hbdev-backup port4
    set arps 3
    set arp-interval 2
    set hb-interval 1
    set hb-lost-threshold 3
    set monitor port1 port2
    set boot-time 30
end
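A small pre-flight check for an HA block, written here as an added example and not a Fortinet tool: it parses a config system ha block, lints it against the ranges and the hbdev/hbdev-backup pairing rule documented above, and estimates the heartbeat failure-detection window from hb-interval and hb-lost-threshold (the product of the two is an assumption drawn from their descriptions, not a value the reference states). The faulty second block is constructed for the demonstration.

```python
# Integer ranges from the config system ha reference above (inclusive).
RANGES = {"group-id": (0, 63), "priority": (0, 9), "arps": (1, 16),
          "arp-interval": (1, 20), "hb-interval": (1, 20),
          "hb-lost-threshold": (1, 60), "boot-time": (1, 100)}

# Constructed input: the example block from this page, then a copy with two
# faults (priority out of range, backup heartbeat on the same port as hbdev).
EXAMPLE_OK = "config system ha\n" + "".join(f"    set {s}\n" for s in (
    "mode active-passive", "group-id 1", "priority 6", "override enable",
    "hbdev port3", "hbdev-backup port4", "arps 3", "arp-interval 2",
    "hb-interval 1", "hb-lost-threshold 3", "monitor port1 port2",
    "boot-time 30")) + "end\n"
EXAMPLE_BAD = (EXAMPLE_OK.replace("priority 6", "priority 12")
               .replace("hbdev-backup port4", "hbdev-backup port3"))

def parse_ha_block(text):
    """Return {setting: value} from a 'config system ha ... end' block.
    'monitor' keeps its list of ports; other values are single strings."""
    settings, in_block = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config system ha":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and line.startswith("set "):
            key, *values = line.split()[1:]
            settings[key] = values if key == "monitor" else " ".join(values)
    return settings

def check_ha_block(text):
    """Lint a block against the documented ranges and pairing rules.
    Returns a list of problem strings; an empty list means it passes."""
    s, problems = parse_ha_block(text), []
    for key, (lo, hi) in RANGES.items():
        if key in s and not (s[key].isdigit() and lo <= int(s[key]) <= hi):
            problems.append(f"{key}={s[key]} is outside {lo}..{hi}")
    if s.get("mode") == "active-passive" and "hbdev" not in s:
        problems.append("active-passive mode requires hbdev")
    if "hbdev-backup" in s and s["hbdev-backup"] == s.get("hbdev"):
        problems.append("hbdev-backup must differ from hbdev")
    return problems

def detection_window_ms(text):
    """Rough time before missed heartbeats trigger failover: hb-interval is in
    100 ms units and hb-lost-threshold is the number of missed heartbeats
    tolerated (assumption: the window is about their product)."""
    s = parse_ha_block(text)
    return int(s.get("hb-interval", 1)) * 100 * int(s.get("hb-lost-threshold", 3))
```

Run check_ha_block on both appliances' blocks before enabling port monitoring, since a mismatched heartbeat port or an out-of-range value surfaces as an unexpected failover rather than a configuration error.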
Related topics
config system interface
config system fail-open
config system global
diagnose debug application hasync
diagnose debug application hatalk
diagnose system ha status
diagnose system ha mac
execute ha disconnect
execute ha manage
execute ha synchronize
get system status