Latest Office of The CISO Videos:
Who is Office of The CISO? - How to Get Into Cybersecurity - What is a Chief Information Security Officer?
What is a SOC Analyst?

Using High Availability

How to use HA

In general, to enable and configure HA, you should perform the following:

  1. If the HA cluster will use FortiGuard Antivirus and/or FortiGuard Antispam services, license all FortiMail units in the HA group for the FortiGuard Antispam and FortiGuard Antivirus services, and register them with the Fortinet Technical Support web site, https://support.fortinet.com/.
  2. Physically connect the FortiMail units that will be members of the HA cluster.

You must connect at least one of their network interfaces for heartbeat and synchronization traffic between members of the cluster. For reliability reasons, Fortinet recommends that you connect both a primary and a secondary heartbeat interface, and that they be connected directly or through a dedicated switch that is not connected to your overall network.

  1. For config-only clusters, configure each member of the cluster to store mail data on a NAS server that supports NFS connections. (Active-passive groups may also use a NAS server, but do not require it.) For details, see “Selecting the mail data storage location” on page 376.
  2. On each member of the cluster:
    • Enable the HA mode that you want to use (either active-passive or config-only) and select whether the individual member will act as a primary unit or secondary unit within the cluster. For information about the differences between the HA modes, see “About high availability” on page 305.
    • Configure the local IP addresses of the primary and secondary heartbeat and synchronization network interfaces.
    • For active-passive clusters, configure the behavior on failover, and how the network interfaces should be configured for whichever FortiMail unit is currently acting as the primary unit. Additionally, if the FortiMail units store mail data on a NAS, disable mail data synchronization between members.
    • For config-only clusters, if the FortiMail unit is a primary unit, configure the IP addresses of its secondary units; if the FortiMail unit is a secondary unit, configure the IP address of its primary unit.

For details, see “Configuring the HA mode and group” on page 319.

  1. If the HA cluster is active-passive and you want to trigger failover when hardware or a service fails, even if the heartbeat connection is still functioning, configure service monitoring. For details, see “Configuring service-based failover” on page 328.
  2. Monitor the status of each cluster member. For details, see “Monitoring the HA status” on page 313. To monitor HA events through log messages and/or alert email, you must first enable logging of HA activity events. For details, see “Logs, reports and alerts” on page 665.

Monitoring the HA status

The Status tab in the High Availability submenu shows the configured HA mode of operation of a FortiMail unit in an HA group. You can also manually initiate synchronization and reset the HA mode of operation. A reset may be required if a FortiMail unit’s effective HA mode of operation differs from its configured HA mode of operation, such as after a failover when a configured primary unit is currently acting as a secondary unit.

For FortiMail units operating as secondary units, the Status tab also lets you view the status and schedule of the HA synchronization daemon.

Appearance of the Status tab varies by:

  • whether the HA group is active-passive or config-only
  • whether the FortiMail unit is configured as a primary unit or secondary unit
  • whether a failover has occurred (active-passive only) If HA is disabled, this tab displays:

HA mode is currently disabled

Before you can use the Status tab, you must first enable and configure HA. For details, see “Configuring the HA mode and group” on page 319.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view the HA mode of operation status, go System > High Availability > Status.

Figure 128:Active-passive HA status (primary unit)

Figure 129:Config-only HA status (primary unit)

Figure 130:Active-passive HA status (primary unit after failover)

Table 34:Viewing HA status

GUI item   Description
Mode Status    
  Configured

Operating

Mode

Displays the HA operating mode that you configured, either:

•      master: Configured to be the primary unit of an active-passive group.

•      slave: Configured to be the secondary unit of an active-passive group.

•      config master: Configured to be the primary unit of a config-only group.

•      config slave: Configured to be a secondary unit of a config-only group.

For information on configuring the HA operating mode, see “Mode of operation” on page 321.

After a failure, the FortiMail unit may not be acting in its configured HA operating mode. For details, see “Effective Operating Mode” on page 315.

  Effective

Operating

Mode

Displays the mode that the unit is currently operating in, either:

•      master: Acting as primary unit.

•      slave: Acting as secondary unit.

•      off: For primary units, this indicates that service/interface monitoring has detected a failure and has taken the primary unit offline, triggering failover. For secondary units, this indicates that synchronization has failed once; a subsequent failure will trigger failover. For details, see “On failure” on page 322 and “click HERE to restart the HA system” on page 317.

•      failed: Service/network interface monitoring has detected a failure and the diagnostic connection is currently determining whether the problem has been corrected or failover is required. For details, see “On failure” on page 322.

The configured HA operating mode matches the effective operating mode unless a failure has occurred.

For example, after a failover, a FortiMail unit configured to operate as a secondary unit could be acting as a primary unit.

For explanations of combinations of configured and effective HA modes of operation, see Table .

For information on restoring the FortiMail unit to an effective HA operating mode that matches the configured operating mode, see “click HERE to restore configured operating mode” on page 317.

This option appears only if the FortiMail unit is a member of an active-passive HA group.

Daemon Status  

Table 34:Viewing HA status

GUI item Description
  Monitor             Displays the time at which the secondary unit’s HA daemon will check to make sure that the primary unit is operating correctly, and, if monitoring has detected a failure, the number of times that a failure has occurred.

Monitoring occurs through the heartbeat link between the primary and secondary units. If the heartbeat link becomes disconnected, the next time the secondary unit checks for the primary unit, the primary unit will not respond. If the maximum number of consecutive failures is reached, and no secondary heartbeat or remote service monitoring heartbeat is available, the secondary unit will change its effective HA operating mode to become the new primary unit.

For details, see “HA base port” on page 324.

This option appears only for secondary units in active-passive HA groups.

  Configuration Displays the time at which the secondary unit’s HA daemon will synchronize the FortiMail configuration from the primary unit to the secondary unit.

The message slave unit is currently synchronizing appears when the HA daemon is synchronizing the configuration.

For information on items that are not synchronized, see “Configuration settings that are not synchronized” on page 309.

This option appears only for secondary units in active-passive HA groups.

  Data Displays the time at which the secondary unit HA daemon will synchronize mail data from the primary unit to the secondary unit.

The message slave unit is currently synchronizing appears when the HA daemon is synchronizing data.

For details, see “Backup mail data directories” on page 323 and “Backup MTA queue directories” on page 323.

This option appears only for secondary units in active-passive HA groups.

click HERE to start a configuration/data sync Click to manually initiate synchronization of the configuration and, for active-passive groups, mail data. For information on items that are not synchronized, see “Configuration settings that are not synchronized” on page 309.

Table 34:Viewing HA status

GUI item Description
click HERE to restore configured operating mode Click to reset the FortiMail unit to an effective HA operating mode that matches the FortiMail unit’s configured operating mode.

For example, for a configured primary unit whose effective HA operating mode is now slave, after correcting the cause of the failover, you might click this option on the primary unit to restore the configured primary unit to active duty, and restore the secondary unit to its slave role.

This option appears only if the FortiMail unit is a member of an active-passive HA group.

Note: Before selecting this option, if the effective HA operating mode changed due to failover, you should resolve any issues that caused the failover.

click HERE to switch to slave Click to manually switch the effective HA operating mode of mode         the primary unit so that it becomes a secondary unit.

This option appears only if the FortiMail unit is currently operating as a primary unit.

click HERE to restart the HA Click to restart HA processes after they have been halted due system to detection of a failure by service monitoring. For details, see

“On failure” on page 322, “Configuring service-based failover” on page 328, and “Restarting the HA processes on a stopped primary unit” on page 318.

This option appears only if the FortiMail unit is configured to operate as the primary unit (master), but its effective HA operating mode is off.

Configured Effective         Description
operating

mode

operating

mode

master master        Normal for the primary unit of an active-passive HA group.
slave slave           Normal for the secondary unit of an active-passive HA group.
master off              The primary unit has experienced a failure, or the FortiMail unit is in the process of switching to operating in HA mode.

Table 35: Combinations of configured and effective HA modes of operation

HA processes and email processing are stopped.

Configured Effective         Description
operating

mode

operating
mode  
slave off The secondary unit has detected a failure, or the FortiMail unit is in the process of switching to operating in HA mode.

After the secondary unit starts up and connects with the primary unit to form an HA group, the first configuration synchronization may fail in special circumstances. To prevent both the secondary and primary units from simultaneously acting as primary units, the effective HA mode of operation becomes off.

If subsequent synchronization fails, the secondary unit’s effective HA mode of operation becomes master.

master failed The remote service monitoring or local network interface monitoring on the primary unit has detected a failure, and will attempt to connect to the other FortiMail unit. If the problem that caused the failure has been corrected, the effective HA mode of operation switches from failed to slave, or to match the configured HA mode of operation, depending on the On failure setting.

Additionally, f the HA group is operating in transparent mode, and if the effective HA mode of operation changes to failed, the network interface IP/netmask on the secondary unit displays bridging (waiting for recovery). For details, see “Configuring the network interfaces” on page 247.

master slave The primary unit has experienced a failure but then returned to operation. When the failure occurred, the unit configured to be the secondary unit became the primary unit. When the unit configured to be the primary unit restarted, it detected the new primary unit and so switched to operating as the secondary unit.
slave master The secondary unit has detected that the FortiMail unit configured to be the primary unit failed. When the failure occurred, the unit configured to be the secondary unit became the primary unit.
config master N/A Normal for the primary unit of a config-only HA group.
config slave N/A Normal for the secondary unit of a config-only HA group.

Table 35: Combinations of configured and effective HA modes of operation


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos