Fortinet fortigate-200a Betriebsanweisung
System config
HA
FortiGate-300A Administration Guide
01-28006-0092-20041105
85
FortiGate units can be configured to operate in active-passive (A-P) or active-active
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route
or Transparent mode.
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route
or Transparent mode.
An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of a
primary FortiGate unit that processes traffic, and one or more subordinate FortiGate
units. The subordinate FortiGate units are connected to the network and to the
primary FortiGate unit but do not process traffic.
primary FortiGate unit that processes traffic, and one or more subordinate FortiGate
units. The subordinate FortiGate units are connected to the network and to the
primary FortiGate unit but do not process traffic.
Active-active (A-A) HA load balances network traffic all the FortiGate units in the
cluster. An active-active HA cluster consists of a primary FortiGate unit that processes
traffic and one or more subordinate units that also process traffic. The primary
FortiGate unit uses a load balancing algorithm to distribute virus scanning to all the
FortiGate units in the HA cluster.
cluster. An active-active HA cluster consists of a primary FortiGate unit that processes
traffic and one or more subordinate units that also process traffic. The primary
FortiGate unit uses a load balancing algorithm to distribute virus scanning to all the
FortiGate units in the HA cluster.
By default the FortiGate unit load balances virus scanning among all of the FortiGate
units in the cluster. Using the CLI, you can configure the FortiGate unit to load balance
all network traffic among the FortiGate units in the cluster. See the FortiGate CLI
Reference Guide for more information.
units in the cluster. Using the CLI, you can configure the FortiGate unit to load balance
all network traffic among the FortiGate units in the cluster. See the FortiGate CLI
Reference Guide for more information.
•
•
•
For more information about FortiGate HA and the FGCP, see the FortiGate High
Availability Guide.
Availability Guide.
HA configuration
Go to System > Config > HA and use the options described below to configure HA.
Link failover
If one of the links to a FortiGate unit in an HA cluster fails, all functions, all
established firewall connections, and all IPSec VPN sessions
a
are maintained
by the other FortiGate units in the HA cluster. For information about link
.
a.HA does not provide session failover for PPPoE, DHCP, PPTP, and L2TP services.
Device failover If one of the FortiGate units in an HA cluster fails, all functions, all established
firewall connections, and all IPSec VPN sessions are maintained by the other
FortiGate units in the HA cluster.
HA heartbeat
failover
failover
You can configure multiple interfaces to be HA heartbeat devices. If an
interface functioning as an HA heartbeat device fails, the HA heartbeat is
transferred to another interface also configured as an HA heartbeat device.