Interested In Hearing About 5.4.2?
So I am in the 5.4.2 beta and I have it on my 92D. I am playing with it and like a lot of the neat features Fortinet has worked on. I am going to do little posts and videos covering some of the cool...
About active-active failover
HA failover in a cluster running in active-active mode is similar to active-passive failover described above. Active-active subordinate units are constantly waiting to...
HA heartbeat and communication between cluster units
The HA heartbeat keeps cluster units communicating with each other. The heartbeat consists of hello packets that are sent at regular intervals by...
Cluster virtual MAC addresses
When a cluster is operating, the FGCP assigns virtual MAC addresses to each primary unit interface. HA uses virtual MAC addresses so that if a failover occurs, the new...
Disabling gratuitous ARP packets after a failover
You can use the following command to turn off sending gratuitous ARP packets after a failover: config system ha set gratuitous-arps disable end Sending...
How the virtual MAC address is determined
The virtual MAC address is determined based on the following formula: 00-09-0f-09-<group-id_hex>-(<vcluster_integer> + <idx>) where...
Displaying the virtual MAC address
Every FortiGate unit physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot...
Diagnosing packet loss with two FortiGate HA clusters in the same broadcast...
Diagnosing packet loss with two FortiGate HA clusters in the same broadcast domain A network may experience packet loss when two FortiGate HA clusters have been deployed in the same broadcast domain....
Synchronizing the configuration
The FGCP uses a combination of incremental and periodic synchronization to make sure that the configuration of all cluster units is synchronized to that of the primary...
How to diagnose HA out of sync messages
This section describes how to use the commands diagnose sys ha showcsum and diagnose debug to diagnose the cause of HA out of sync messages. If HA...
Synchronizing kernel routing tables
In a functioning cluster, the primary unit keeps all subordinate unit kernel routing tables (also called the forwarding information base FIB) up to date and...
Bidirectional Forwarding Detection (BFD) enabled BGP graceful restart
If you configure a BFD enabled BGP neighbor as a static BFD neighbor using the router bfd command, FGCP supports graceful restart...
Synchronizing IPsec VPN SAs
The FGCP synchronizes IPsec security associations (SAs) between cluster members so that if a failover occurs, the cluster can resume IPsec sessions without having to...
FortiOS 5.4.2 Best Practice Tip Panel
Just a heads up but one of the groovy features of FortiOS 5.4.2 is the Best Practice tip panel that helps you ensure your environment is set up to Fortinet Best Practices!
Link failover (port monitoring or interface monitoring)
Link failover means that if a monitored interface fails, the cluster reorganizes to reestablish a link to the network that the monitored...
Recovery after a link failover and controlling primary unit selection...
Recovery after a link failover and controlling primary unit selection (controlling falling back to the prior primary unit) If you find and correct the problem that caused a link failure (for example,...
Preventing a primary unit change after a failed link is restored
Some organizations will not want the cluster to change primary units when the link is restored. Instead they would rather wait to...
Multiple link failures
Every time a monitored interface fails, the cluster repeats the processes described above. If multiple monitored interfaces fail on more than one cluster unit, the cluster...
Monitoring VLAN interfaces
If the FortiGates in the cluster have VLAN interfaces, you can use the following command to monitor all VLAN interfaces and write a log message if one of the VLAN interfaces...
Gigamon and FireEye Deployment
Sorry for the lack of specialized personal posts. I have been swamped with a major Gigamon / FireEye deployment for a major government agency. It has been a blast. I am looking forward to putting this...