Day 20 – High Availability (HA)
  HA Overview
    What is HA
      Multiple FortiGate devices working together for reliability and performance
      Increases uptime by eliminating single points of failure
    Why Use HA
      Ensures continuous service in case of device failure
      Balances traffic across multiple devices for higher performance
    How HA Works
      Active device processes traffic, passive device is on standby
      Devices sync configuration, sessions, and health status
  HA Requirements
    Same Model
      All devices in the HA cluster must be the same model
    Same Firmware Version
      Devices need the same firmware version to prevent compatibility issues
    Same Licensing
      Ensures all devices have the same licenses for consistency
    Same Hard Drive Configuration
      Devices should have the same storage configuration if applicable
    Same Operating Mode
      All devices must be in HA mode, not mixed with standalone mode
  HA Operation Modes
    Active-Passive Mode
      One device (active) processes traffic, the other (passive) is in standby
      Failover happens when the active device fails
    Active-Active Mode
      Both devices process traffic simultaneously
      Load balancing distributes traffic between active devices
    Active-Passive vs Active-Active
      Active-Passive: Simple failover, less complex
      Active-Active: Increased performance, load balancing
  HA Cluster Synchronization
    What is Synchronization
      Keeps devices in sync with the same configurations and session information
    Key Elements Synchronized
      Configuration settings, FIB entries, DHCP leases, ARP table, FortiGuard definitions, IPSec tunnel SAs
    Importance of Synchronization
      Ensures seamless failover and consistent network behavior
      Reduces configuration errors
  HA Failover Types
    How Failover Works
      Devices detect failure through heartbeat signals
      Passive device takes over if active device fails
    Failover Detection
      Monitors health of devices based on CPU, memory, or network failures
    Virtual MAC Address
      Virtual MAC address used by the active device to avoid MAC address flapping during failover
  Monitoring HA Status
    GUI Widget
      Visual tool to monitor the status of HA devices in the dashboard
      Displays whether devices are in active or passive mode
    CLI Commands
      get system ha status: Displays HA status and role of devices
      diagnose sys ha status: Provides detailed HA synchronization information
      diagnose sys session stat: Displays session statistics for load balancing and failover status
    Importance of Monitoring
      Helps ensure HA cluster is functioning correctly
      Quickly identifies failures or misconfigurations