Fortinet FortiGate-100A Operating Instructions

01-28006-0068-20041105
Fortinet Inc.
System config
To modify the dead gateway detection settings
Modify dead gateway detection to control how the FortiGate unit confirms connectivity 
with a ping server added to an interface configuration. For information about adding a 
ping server to an interface, see 
1. Go to System > Config > Options.
2. For Detection Interval, type a number in seconds to specify how often the FortiGate unit tests the connection to the ping target.
3. For Fail-over Detection, type a number of times that the connection test fails before the FortiGate unit assumes that the gateway is no longer functioning.
4. Select Apply.
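The following is an added example, not taken from the Fortinet manual or from FortiOS. It models how the two settings in the procedure above interact, so you can see how long a dead gateway goes unnoticed and whether a brief link flap would trigger a failover. The class name, the sample probe timelines, the values 5 and 2, and the rule that one successful probe resets the failure counter are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class DeadGatewayDetector:
    """Model of the Detection Interval and Fail-over Detection settings.

    Assumption (not stated in the manual): failures are counted
    consecutively and one successful probe resets the counter.
    """
    detection_interval: int  # seconds between probes ("Detection Interval")
    failover_detection: int  # failed probes tolerated ("Fail-over Detection")

    def __post_init__(self):
        if self.detection_interval < 1 or self.failover_detection < 1:
            raise ValueError("both settings must be positive integers")

    def run(self, probe_results):
        """Replay probe outcomes (True = reply received), one per interval.

        Returns the time in seconds at which the gateway is declared dead,
        or None if the failure threshold is never reached.
        """
        failures = 0
        for n, ok in enumerate(probe_results, start=1):
            failures = 0 if ok else failures + 1
            if failures >= self.failover_detection:
                return n * self.detection_interval
        return None

    def detection_delay(self):
        """Seconds between the last good probe and the dead-gateway verdict
        (probe timeout itself is ignored in this model)."""
        return self.detection_interval * self.failover_detection


# Constructed sample timelines, one entry per probe.
FLAP = [True, True, False, False, True, True]   # two lost probes, then recovery
OUTAGE = [True] * 3 + [False] * 10              # gateway stays down

if __name__ == "__main__":
    for interval, count in [(5, 5), (5, 2)]:
        d = DeadGatewayDetector(interval, count)
        print(f"interval={interval}s count={count}: "
              f"flap -> {d.run(FLAP)}, outage -> {d.run(OUTAGE)}, "
              f"delay after last good probe = {d.detection_delay()}s")
```

A low fail-over count shortens the time traffic is sent to a dead gateway, but in this model it also turns the two-probe flap into a failover.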
HA
Fortinet achieves high availability (HA) using redundant hardware and the FortiGate 
Clustering Protocol (FGCP). Each FortiGate unit in an HA cluster enforces the same 
overall security policy and shares the same configuration settings. You can add up to 
32 FortiGate units to an HA cluster. Each FortiGate unit in an HA cluster must be the 
same model and must be running the same FortiOS firmware image.
The FortiGate units in the cluster use cluster ethernet interfaces to communicate 
cluster session information, synchronize the cluster configuration, synchronize the 
cluster routing table, and report individual cluster member status. The units in the 
cluster are constantly communicating HA status information to make sure that the 
cluster is operating properly. This communication is called the HA heartbeat.
FortiGate HA supports link failover, device failover, and HA heartbeat failover.
FortiGate units can be configured to operate in active-passive (A-P) or active-active 
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route 
or Transparent mode.
Note: You should select the language that the management computer operating system uses.
Link failover: If one of the links to a FortiGate unit in an HA cluster fails, all functions, all established firewall connections, and all IPSec VPN sessions [a] are maintained by the other FortiGate units in the HA cluster. For information about link failover, see .

Device failover: If one of the FortiGate units in an HA cluster fails, all functions, all established firewall connections, and all IPSec VPN sessions are maintained by the other FortiGate units in the HA cluster.

HA heartbeat failover: You can configure multiple interfaces to be HA heartbeat devices. If an interface functioning as an HA heartbeat device fails, the HA heartbeat is transferred to another interface also configured as an HA heartbeat device.

a. HA does not provide session failover for PPPoE, DHCP, PPTP, and L2TP services.