Configuring the secondary unit for HA operation
The following procedure describes how to prepare a FortiMail unit for HA operation as the secondary unit according to Figure 136 on page 338.
Before beginning this procedure, verify that you have completed the required preparations described in “Example: Active-passive HA group in gateway mode” on page 337. Also verify that you configured the primary unit as described in “Configuring the primary unit for HA operation” on page 342.
To configure the secondary unit for HA operation
- Connect to the web-based manager of the secondary unit at https://192.168.1.6/admin.
- Go to System > Network.
- Configure port 6 to 10.0.0.4/255.255.255.0 and port 6 to 10.0.1.4/255.255.255.0.
- Go to System > High Availability > Configuration.
- Configure the following:
|Main Configuration section||See “Configuring the primary HA options”|
|Mode of operation||slave|
|On failure||wait for recovery then restore slave role|
|Backup options section||See “Configuring the backup options”.|
|Backup mail data directories||enabled|
|Backup MTA queue directories||disabled|
|Advanced options section||See “Configuring the advanced options”.|
|HA base port||2000|
|Heartbeat lost threshold||15 seconds|
|Remote services as heartbeat||disabled|
|Interface section||See “Configuring interface monitoring”.|
|Peer IP address||10.0.0.2|
|Peer IP address||10.0.1.2|
|Virtual IP Address||(Configuration of the ports will be synchronized with the primary unit, and are therefore not required to be configured on the secondary unit.)|
- Click Apply.
The FortiMail unit switches to active-passive HA mode, and, after determining that the primary unit is available, sets its effective HA operating mode to slave.
- Go to System > High Availability > Status.
- Select the link "click HERE to start a configuration/data sync".
The secondary unit synchronizes its configuration with the primary unit, including Virtual IP action settings that configure the HA virtual IP that the secondary unit will adopt on failover.
- To confirm that the FortiMail unit is acting as the secondary unit, go to System > High Availability > Status and compare the Configured Operating Mode and Effective Operating Mode. Both should be slave.
If the effective HA operating mode is not slave, the FortiMail unit is not acting as the secondary unit. Determine the cause of the failover, then restore the effective operating mode to that matching its configured HA mode of operation.
If the heartbeat interfaces are not connected, the secondary unit cannot connect to the primary unit, and so the secondary unit will operate as though the primary unit has failed and will switch its effective HA operating mode to master.
Figure 138: Secondary unit status page (secondary unit not operating as a slave unit)
When both the primary unit and the secondary unit are operating in their configured mode, configuration of the active-passive HA group is complete. For information on managing both members of the HA group, see “Administering an HA group” on page 345.
Administering an HA group
In most cases, you will administer an HA group by connecting to the primary unit as if it were a standalone unit.
Table 43: Management tasks performed on each HA group member
|primary unit||• synchronized configuration items, such as antispam settings • primary unit HA management tasks, such as viewing its effective HA operating mode and configuring its Mode of operation and Shared password • viewing the log messages of the primary unit|
|secondary unit||• secondary unit HA management tasks, such as viewing its effective HA operating mode and configuring its Mode of operation and Shared password • viewing the log messages of the secondary unit|
If the initial configuration synchronization fails, such as if it is disrupted or the network cable is loose, you should manually trigger synchronization after changing the configuration of the primary unit. For information on manually triggering configuration synchronization, see “click HERE to start a configuration/data sync” on page 316.