Configuring FortiWeb Active-Passive HA cluster with Unicast Heartbeat
- Log in to either one of the FortiWeb-VM.
- Go to System > High Availability > Settings.
- Select Active-Passive mode in drop down list.
- Select UDP Tunnel for Network Type.
- Set Group ID as 18 to avoid HA cluster conflict.
- Set Local IP Address and Peer IP Address as 10.0.2.1 and 10.0.2.2.
- Select port1 for Reserved Management Interface. UDP unicast requires at least one Reserve interface.
Please note that the Local IP Address and Peer IP Address should be configured with the IP addresses that are bound to the Reserved Management Interface, otherwise they will be synchronized across the HA nodes in active-passive HA mode.
- Click Apply.
- Configure the second FortiWeb-VM with the same settings, except Local IP Address as 10.0.2.2 and Peer IP Address as 10.0.2.1, the Device Priority with a different value. The device with a lower priority value will take the primary role.
- After a few minutes, log in to both of the FortiWeb-VM GUI. You should see the correct HA info.
CLI Commands
Primary device:
FortiWeb # config system ha
FortiWeb (ha) # set mode active-passive
FortiWeb (ha) # set network-type udp-tunnel
FortiWeb (ha) # set override enable
FortiWeb (ha) # set priority 1
FortiWeb (ha) # set group-id 18
FortiWeb (ha) # set tunnel-local 10.0.2.1
FortiWeb (ha) # set tunnel-peer 10.0.2.2
FortiWeb(ha) # set ha-mamt-status enable
FortiWeb(ha) # set ha-mgmt-interface port1
FortiWeb (ha) # end
Secondary device:
FortiWeb # config system ha
FortiWeb (ha) # set mode active-passive
FortiWeb (ha) # set network-type udp-tunnel
FortiWeb (ha) # set override enable
FortiWeb (ha) # set priority 5
FortiWeb (ha) # set group-id 18
FortiWeb (ha) # set tunnel-local 10.0.2.2
FortiWeb (ha) # set tunnel-peer 10.0.2.1
FortiWeb(ha) # set ha-mamt-status enable
FortiWeb(ha) # set ha-mgmt-interface port1
FortiWeb (ha) # end