Fortinet black logo

CLI Reference

config system ha

config system ha

Use this command to configure high availability (HA) settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system ha

set mode {active-active | active-active-vrrp | active-passive | standalone}

set arps <integer>

set arps-interval <integer>

set auto-config-sync {enable|disable}

set config-priority <integer>

set datadev <datasource>

set group-id <integer>

set group-name <string>

set ha-eth-type <4 digit hex>

set hatrans-eth-type <4 digit hex>

set hb-interval <integer>

set hb-lost-threshold <integer>

set hb-type {multicast|broadcast|unicast}

set hbdev <datasource>

set l2ep-eth-type (4 digit hex)

set http-persistence-pickup {enable|disable}

set local-node-id <integer>

set l4-persistence-pickup {enable|disable}

set l4-session-pickup {enable|disable}

set mgmt-status {enable | disable}

set mgmt-interface <interface>

set mgmt-ip <ip address>

set mgmt-ip-allowaccess {https ping ssh snmp http telnet}

set mgmt-mac-addr <mac address>

set monitor <datasource>

set node-list {0 1 2 3 4 5 6 7}

set override {enable|disable}

set priority <integer>

set config-priority <integer>

set remote-ip-monitor {enable|disable}

set remote-ip-failover-hold-time <integer>

set remote-ip-failover-threshold <integer>

config remote-ip-monitor-list

edit <name>

set health-check-interval <integer>

set health-check-retry <integer>

set health-check-timeout <integer>

set interface <datasource>

set remote-address <class_ip>

next

end

end

mode

  • active-active
  • active-active-vrrp
  • active-passive
  • standalone

Note: If you change this setting, you are logged out of the CLI, and you can log in again if permitted by the new configuration.

arps

Number of times that the cluster member broadcasts extra address resolution protocol (ARP) packets when it takes on the primary role. (Even though a new NIC has not actually been connected to the network, the member does this to notify the network that a new physical port has become associated with the IP address and virtual MAC of the HA cluster.) This is sometimes called “using gratuitous ARP packets to train the network,” and can occur when the primary node is starting up, or during a failover. Also configure ARP Packet Interval.

Normally, you do not need to change this setting. Exceptions include:

Increase the number of times the primary node sends gratuitous ARP packets if an active-passive cluster takes a long time to fail over or to train the network. Sending more gratuitous ARP packets may help the failover to happen faster.

Decrease the number of times the primary node sends gratuitous ARP packets if the cluster has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them might generate a large amount of network traffic. As long as the active-passive cluster fails over successfully, you can reduce the number of times gratuitous ARP packets are sent to reduce the amount of traffic produced by a failover.

The valid range is 1 to 60. The default is 5.

arps-interval

Number of seconds to wait between each broadcast of ARP packets.

Normally, you do not need to change this setting. Exceptions include:

Decrease the interval if an active-passive cluster takes a long time to fail over or to train the network. Sending ARP packets more frequently may help the failover to happen faster.

Increase the interval if the cluster has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them might generate a large amount of network traffic. As long as the active-passive cluster fails over successfully, you can increase the interval between when gratuitous ARP packets are sent to reduce the rate of traffic produced by a failover.

The valid range is from 1 to 20. The default is 6 seconds.

auto-config-sync

Enable/disable automatic configuration synchronization. When enabled, synchronization occurs immediately when an appliance joins the cluster, and thereafter every 30 seconds. Disable if you prefer to manage synchronization manually.

config-priority

Allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. It accepts an integer value between 0 and 255. The default value is 100.

datadev

Set the network interface to be used for data synchronization among cluster nodes. You can configure up to two data ports. If one data port fails, its traffic fails over to the next data port. If all data ports fail, data synchronization traffic fails over to the heartbeat port. If you do not configure a data port, the heartbeat port is used for synchronization.

Use the same port numbers for all cluster members. For example, if you select port3 on the primary node, select port3 as the data port interface on the other member nodes.

group-id

Number that identifies the HA cluster.

Nodes with the same group ID join the cluster.

If you have more than one HA cluster on the same network, each cluster must have a different group ID.

The group ID is used in the virtual MAC address that is sent in broadcast ARP messages.

The valid range is 0 to 31. The default value is 0.

group-name

Name to identify the HA cluster if you have more than one.

This setting is optional, and does not affect HA function.

The maximum length is 63 characters.

ha-eth-type

A Layer-3 protocol number for the HA data channel. It is used for heartbeat packets type, and is also used for Layer-7/Layer-4 session persistence sync.

hatrans-eth-type

A Layer-3 protocol number for the HA data channel. It works in active-active (AA) mode, and is used for traffic relay between HA nodes in AA mode.

hb-interval

Number of 100-millisecond intervals at which heartbeat packets are sent. This is also the interval at which a node expects to receive heartbeat packets.

This part of the configuration is pushed from the primary node to member nodes.

The valid range is 1 to 20 (that is, between 100 and 2,000 milliseconds).

Note: Although this setting is pushed from the primary node to member nodes, you should initially configure all nodes with the same Detection Interval to prevent inadvertent failover from occurring before the initial synchronization.

hb-type

Specify whether the destination MAC address of HA message is broadcast, multicast, or unicast (this is only supported in Active-Active-VRRP mode).

hb-lost-threshold

Number of times a node retries the heartbeat and waits to receive HA heartbeat packets from the other nodes before concluding the other node is down.

This part of the configuration is pushed from the primary node to member nodes.

Normally, you do not need to change this setting. Exceptions include:

Increase the failure detection threshold if a failure is detected when none has actually occurred. For example, in an active-passive deployment, if the primary node is very busy during peak traffic times, it might not respond to heartbeat packets in time, and a standby node might assume that the primary node has failed.

Decrease the failure detection threshold or detection interval if administrators and HTTP clients have to wait too long before being able to connect through the primary node, resulting in noticeable down time.

The valid range is from 1 to 60.

Note: Although this setting is pushed from the primary node to member nodes, you should initially configure all nodes with the same HB Lost Threshold to prevent inadvertent failover from occurring before the initial synchronization.

hbdev

Set the network interface to be used for heartbeat packets. You can configure one or two heartbeat ports.

Use the same port number for all cluster members. For example, if you select port3 on the primary node, select port3 as the heartbeat interface on the other member nodes.

Note: If a switch is used to connect the heartbeat interfaces, the heartbeat interfaces must be reachable by Layer 2 multicast.

l2ep-eth-type

A Layer-3 protocol number for the HA data channel. It is used for configuration sync, HC result sync, and applications dynamic data.

http-persistence-pickup

Enable to synchronize Layer 7 session data used for persistence to backend servers.

When enabled, the Source Address Persistence table is synchronized between HA members.

When not enabled, a node that receives traffic due to failover would not know that a session had been created already, so it will be treated as a new session.

Synchronization of the persistence table is not required for cookie-based or hash-based persistence methods to get the desired result. Client traffic will be routed to the same backend server.

Synchronization of the persistence table is not possible for SSL session ID. When the session via the first node is terminated, the client must re-establish an SSL connection via the second node. When a client requests a new SSL connection with an SSL server, the initial TCP connection has an SSL Session ID of 0. This zero value tells the server that it needs to set up a new SSL session and to generate an SSL Session ID. The server sends the new SSL Session ID in its response to the client as part of the SSL handshake.

l4-persistence-pickup

Enable to synchronize Layer 4 session data used for persistence to backend servers.

When enabled, the Source Address Persistence table is synchronized between HA members. When not enabled, a node that receives traffic because of load balancing or failover would not know that a session had been created already, so it will be treated as a new session.

Synchronization of the persistence table is not required for hash-based persistence methods to get the desired result. Client traffic will be routed to the same backend server.

l4-session-pickup

Enable to synchronize Layer 4 connection state data.

When enabled, the TCP session table is synchronized. If subsequent traffic for the connection is distributed through a different cluster node because of failover, the TCP sessions can resume without interruption.

When not enabled, a node that receives traffic because of failover would not know that a session had been created already, and the client will be required to re-initialize the connection.

local-node-id

A number that uniquely identifies the member within the cluster. The valid range is 0-7. In an active-active deployment, this number is used in the virtual MAC address that is sent in ARP responses. In an active-passive deployment, this number is not used.

mgmt-status

This setting must be enabled before other management options can be set.

mgmt-interface

Set a management interface.

mgmt-ip

Set a management IP address.

mgmt-ip-allowaccess

Set which methods are allowed access to the management IP.

mgmt-mac-addr

Set a management MAC address. This setting is optional. If it is not set, the system will assign a MAC address randomly.

monitor

One or more network interfaces that correlate with a physical link. These ports will be monitored for link failure.

Port monitoring (also called interface monitoring) monitors physical network ports to verify that they are functioning properly and linked to their networks. You can monitor physical interfaces and 802.3ad aggregated interfaces.

Note: To prevent an unintentional failover, do not configure port monitoring until you configure HA on all appliances and have plugged in the cables to link the physical network ports that will be monitored.

node-list

Specify the node IDs for the nodes in the cluster. An active-active cluster can have up to eight members.

override

Enable to make Device Priority a more important factor than uptime when selecting the primary node.

priority

Number indicating priority of the member node when electing the cluster primary node.

This setting is optional. The smaller the number, the higher the priority. The valid range is 0 to 9. The default is 5.

Note: By default, unless you enable Override, uptime is more important than this setting.

config-priority

Allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. It is highly recommended that you use this option to manually set different HA configuration priority values on the nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior. When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.

Range of acceptable values is 0 to 255. Default is 100.

remote-ip-monitor

Enable/disable active monitoring of a beacon remote IP address.

remote-ip-failover-hold-time

If failover occurs due to a remote IP monitor test, and this node's role changes (to primary or secondary), it cannot change again until the holdtime elapses. Holdtime can be used to prevent looping.The default holdtime is 120 seconds. The valid range is 60-86400.

remote-ip-failover-threshold

Number of unreachable remote-ip-monitor-list to indicate failure. The default is 5. The valid range is 1-64.
config remote-ip-monitor-list

health-check-interval

Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

health-check-retry

Number of retries to confirm up or down. The default is 3 retries. The valid range is 1-10.

health-check-timeout

Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

interface

Interface to send the health check ping.

remote-address

Remote address to ping.

Example

FortiADC-VM # get system ha

mode : standalone

hbdev :

datadev :

group-id : 0

group-name :

priority : 5

config-priority : 100

override : disable

hb-interval : 2

arps : 5

hb-lost-threshold : 6

arps-interval : 6

l7-persistence-pickup : disable

l4-persistence-pickup : disable

l4-session-pickup : disable

auto-config-sync : enable

monitor :

remote-ip-monitor : disable

boot-time : 30

ha-eth-type : 8890

hatrans-eth-type : 8892

l2ep-eth-type : 8893

hb-type : multicast

FortiADC-VM # config system ha

FortiADC-VM (ha) # set hbdev port2

FortiADC-VM (ha) # set datadev port3

FortiADC-VM (ha) # set group-name dc1-pair

FortiADC-VM (ha) # set priority 1

FortiADC-VM (ha) # set mode active-passive

FortiADC-VM (ha) # end

(M) FortiADC-VM # get system ha

mode : active-passive

hbdev : port2

datadev : port3

group-id : 0

group-name : dc1-pair

priority : 1

config-priority : 100

override : disable

hb-interval : 2

arps : 5

hb-lost-threshold : 6

arps-interval : 6

l7-persistence-pickup : disable

l4-persistence-pickup : disable

l4-session-pickup : disable

auto-config-sync : enable

monitor :

remote-ip-monitor : disable

boot-time : 30

ha-eth-type : 8890

hatrans-eth-type : 8892

l2ep-eth-type : 8893

hb-type : multicast

config system ha

Use this command to configure high availability (HA) settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system ha

set mode {active-active | active-active-vrrp | active-passive | standalone}

set arps <integer>

set arps-interval <integer>

set auto-config-sync {enable|disable}

set config-priority <integer>

set datadev <datasource>

set group-id <integer>

set group-name <string>

set ha-eth-type <4 digit hex>

set hatrans-eth-type <4 digit hex>

set hb-interval <integer>

set hb-lost-threshold <integer>

set hb-type {multicast|broadcast|unicast}

set hbdev <datasource>

set l2ep-eth-type (4 digit hex)

set http-persistence-pickup {enable|disable}

set local-node-id <integer>

set l4-persistence-pickup {enable|disable}

set l4-session-pickup {enable|disable}

set mgmt-status {enable | disable}

set mgmt-interface <interface>

set mgmt-ip <ip address>

set mgmt-ip-allowaccess {https ping ssh snmp http telnet}

set mgmt-mac-addr <mac address>

set monitor <datasource>

set node-list {0 1 2 3 4 5 6 7}

set override {enable|disable}

set priority <integer>

set config-priority <integer>

set remote-ip-monitor {enable|disable}

set remote-ip-failover-hold-time <integer>

set remote-ip-failover-threshold <integer>

config remote-ip-monitor-list

edit <name>

set health-check-interval <integer>

set health-check-retry <integer>

set health-check-timeout <integer>

set interface <datasource>

set remote-address <class_ip>

next

end

end

mode

  • active-active
  • active-active-vrrp
  • active-passive
  • standalone

Note: If you change this setting, you are logged out of the CLI, and you can log in again if permitted by the new configuration.

arps

Number of times that the cluster member broadcasts extra address resolution protocol (ARP) packets when it takes on the primary role. (Even though a new NIC has not actually been connected to the network, the member does this to notify the network that a new physical port has become associated with the IP address and virtual MAC of the HA cluster.) This is sometimes called “using gratuitous ARP packets to train the network,” and can occur when the primary node is starting up, or during a failover. Also configure ARP Packet Interval.

Normally, you do not need to change this setting. Exceptions include:

Increase the number of times the primary node sends gratuitous ARP packets if an active-passive cluster takes a long time to fail over or to train the network. Sending more gratuitous ARP packets may help the failover to happen faster.

Decrease the number of times the primary node sends gratuitous ARP packets if the cluster has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them might generate a large amount of network traffic. As long as the active-passive cluster fails over successfully, you can reduce the number of times gratuitous ARP packets are sent to reduce the amount of traffic produced by a failover.

The valid range is 1 to 60. The default is 5.

arps-interval

Number of seconds to wait between each broadcast of ARP packets.

Normally, you do not need to change this setting. Exceptions include:

Decrease the interval if an active-passive cluster takes a long time to fail over or to train the network. Sending ARP packets more frequently may help the failover to happen faster.

Increase the interval if the cluster has a large number of VLAN interfaces and virtual domains. Because gratuitous ARP packets are broadcast, sending them might generate a large amount of network traffic. As long as the active-passive cluster fails over successfully, you can increase the interval between when gratuitous ARP packets are sent to reduce the rate of traffic produced by a failover.

The valid range is from 1 to 20. The default is 6 seconds.

auto-config-sync

Enable/disable automatic configuration synchronization. When enabled, synchronization occurs immediately when an appliance joins the cluster, and thereafter every 30 seconds. Disable if you prefer to manage synchronization manually.

config-priority

Allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. It accepts an integer value between 0 and 255. The default value is 100.

datadev

Set the network interface to be used for data synchronization among cluster nodes. You can configure up to two data ports. If one data port fails, its traffic fails over to the next data port. If all data ports fail, data synchronization traffic fails over to the heartbeat port. If you do not configure a data port, the heartbeat port is used for synchronization.

Use the same port numbers for all cluster members. For example, if you select port3 on the primary node, select port3 as the data port interface on the other member nodes.

group-id

Number that identifies the HA cluster.

Nodes with the same group ID join the cluster.

If you have more than one HA cluster on the same network, each cluster must have a different group ID.

The group ID is used in the virtual MAC address that is sent in broadcast ARP messages.

The valid range is 0 to 31. The default value is 0.

group-name

Name to identify the HA cluster if you have more than one.

This setting is optional, and does not affect HA function.

The maximum length is 63 characters.

ha-eth-type

A Layer-3 protocol number for the HA data channel. It is used for heartbeat packets type, and is also used for Layer-7/Layer-4 session persistence sync.

hatrans-eth-type

A Layer-3 protocol number for the HA data channel. It works in active-active (AA) mode, and is used for traffic relay between HA nodes in AA mode.

hb-interval

Number of 100-millisecond intervals at which heartbeat packets are sent. This is also the interval at which a node expects to receive heartbeat packets.

This part of the configuration is pushed from the primary node to member nodes.

The valid range is 1 to 20 (that is, between 100 and 2,000 milliseconds).

Note: Although this setting is pushed from the primary node to member nodes, you should initially configure all nodes with the same Detection Interval to prevent inadvertent failover from occurring before the initial synchronization.

hb-type

Specify whether the destination MAC address of HA message is broadcast, multicast, or unicast (this is only supported in Active-Active-VRRP mode).

hb-lost-threshold

Number of times a node retries the heartbeat and waits to receive HA heartbeat packets from the other nodes before concluding the other node is down.

This part of the configuration is pushed from the primary node to member nodes.

Normally, you do not need to change this setting. Exceptions include:

Increase the failure detection threshold if a failure is detected when none has actually occurred. For example, in an active-passive deployment, if the primary node is very busy during peak traffic times, it might not respond to heartbeat packets in time, and a standby node might assume that the primary node has failed.

Decrease the failure detection threshold or detection interval if administrators and HTTP clients have to wait too long before being able to connect through the primary node, resulting in noticeable down time.

The valid range is from 1 to 60.

Note: Although this setting is pushed from the primary node to member nodes, you should initially configure all nodes with the same HB Lost Threshold to prevent inadvertent failover from occurring before the initial synchronization.

hbdev

Set the network interface to be used for heartbeat packets. You can configure one or two heartbeat ports.

Use the same port number for all cluster members. For example, if you select port3 on the primary node, select port3 as the heartbeat interface on the other member nodes.

Note: If a switch is used to connect the heartbeat interfaces, the heartbeat interfaces must be reachable by Layer 2 multicast.

l2ep-eth-type

A Layer-3 protocol number for the HA data channel. It is used for configuration sync, HC result sync, and applications dynamic data.

http-persistence-pickup

Enable to synchronize Layer 7 session data used for persistence to backend servers.

When enabled, the Source Address Persistence table is synchronized between HA members.

When not enabled, a node that receives traffic due to failover would not know that a session had been created already, so it will be treated as a new session.

Synchronization of the persistence table is not required for cookie-based or hash-based persistence methods to get the desired result. Client traffic will be routed to the same backend server.

Synchronization of the persistence table is not possible for SSL session ID. When the session via the first node is terminated, the client must re-establish an SSL connection via the second node. When a client requests a new SSL connection with an SSL server, the initial TCP connection has an SSL Session ID of 0. This zero value tells the server that it needs to set up a new SSL session and to generate an SSL Session ID. The server sends the new SSL Session ID in its response to the client as part of the SSL handshake.

l4-persistence-pickup

Enable to synchronize Layer 4 session data used for persistence to backend servers.

When enabled, the Source Address Persistence table is synchronized between HA members. When not enabled, a node that receives traffic because of load balancing or failover would not know that a session had been created already, so it will be treated as a new session.

Synchronization of the persistence table is not required for hash-based persistence methods to get the desired result. Client traffic will be routed to the same backend server.

l4-session-pickup

Enable to synchronize Layer 4 connection state data.

When enabled, the TCP session table is synchronized. If subsequent traffic for the connection is distributed through a different cluster node because of failover, the TCP sessions can resume without interruption.

When not enabled, a node that receives traffic because of failover would not know that a session had been created already, and the client will be required to re-initialize the connection.

local-node-id

A number that uniquely identifies the member within the cluster. The valid range is 0-7. In an active-active deployment, this number is used in the virtual MAC address that is sent in ARP responses. In an active-passive deployment, this number is not used.

mgmt-status

This setting must be enabled before other management options can be set.

mgmt-interface

Set a management interface.

mgmt-ip

Set a management IP address.

mgmt-ip-allowaccess

Set which methods are allowed access to the management IP.

mgmt-mac-addr

Set a management MAC address. This setting is optional. If it is not set, the system will assign a MAC address randomly.

monitor

One or more network interfaces that correlate with a physical link. These ports will be monitored for link failure.

Port monitoring (also called interface monitoring) monitors physical network ports to verify that they are functioning properly and linked to their networks. You can monitor physical interfaces and 802.3ad aggregated interfaces.

Note: To prevent an unintentional failover, do not configure port monitoring until you configure HA on all appliances and have plugged in the cables to link the physical network ports that will be monitored.

node-list

Specify the node IDs for the nodes in the cluster. An active-active cluster can have up to eight members.

override

Enable to make Device Priority a more important factor than uptime when selecting the primary node.

priority

Number indicating priority of the member node when electing the cluster primary node.

This setting is optional. The smaller the number, the higher the priority. The valid range is 0 to 9. The default is 5.

Note: By default, unless you enable Override, uptime is more important than this setting.

config-priority

Allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. It is highly recommended that you use this option to manually set different HA configuration priority values on the nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior. When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.

Range of acceptable values is 0 to 255. Default is 100.

remote-ip-monitor

Enable/disable active monitoring of a beacon remote IP address.

remote-ip-failover-hold-time

If failover occurs due to a remote IP monitor test, and this node's role changes (to primary or secondary), it cannot change again until the holdtime elapses. Holdtime can be used to prevent looping.The default holdtime is 120 seconds. The valid range is 60-86400.

remote-ip-failover-threshold

Number of unreachable remote-ip-monitor-list to indicate failure. The default is 5. The valid range is 1-64.
config remote-ip-monitor-list

health-check-interval

Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

health-check-retry

Number of retries to confirm up or down. The default is 3 retries. The valid range is 1-10.

health-check-timeout

Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

interface

Interface to send the health check ping.

remote-address

Remote address to ping.

Example

FortiADC-VM # get system ha

mode : standalone

hbdev :

datadev :

group-id : 0

group-name :

priority : 5

config-priority : 100

override : disable

hb-interval : 2

arps : 5

hb-lost-threshold : 6

arps-interval : 6

l7-persistence-pickup : disable

l4-persistence-pickup : disable

l4-session-pickup : disable

auto-config-sync : enable

monitor :

remote-ip-monitor : disable

boot-time : 30

ha-eth-type : 8890

hatrans-eth-type : 8892

l2ep-eth-type : 8893

hb-type : multicast

FortiADC-VM # config system ha

FortiADC-VM (ha) # set hbdev port2

FortiADC-VM (ha) # set datadev port3

FortiADC-VM (ha) # set group-name dc1-pair

FortiADC-VM (ha) # set priority 1

FortiADC-VM (ha) # set mode active-passive

FortiADC-VM (ha) # end

(M) FortiADC-VM # get system ha

mode : active-passive

hbdev : port2

datadev : port3

group-id : 0

group-name : dc1-pair

priority : 1

config-priority : 100

override : disable

hb-interval : 2

arps : 5

hb-lost-threshold : 6

arps-interval : 6

l7-persistence-pickup : disable

l4-persistence-pickup : disable

l4-session-pickup : disable

auto-config-sync : enable

monitor :

remote-ip-monitor : disable

boot-time : 30

ha-eth-type : 8890

hatrans-eth-type : 8892

l2ep-eth-type : 8893

hb-type : multicast