System ha takeover | Fortinet 3.0 MR4 manual

system ha takeover

set

system ha takeover

Use this command to configure HA network interface in master mode configuration options for an active-passive HA group to control how network interface IP addressing and status is changed by HA. Depending on your requirements you can configure HA network configuration options for all FortiMail network interfaces; including the mgmt interface for a FortiMail unit operating in transparent mode.

For FortiMail units operating in gateway and server modes, for each interface you can ignore the interface, set a new IP address and netmask for the interface, or add a virtual IP and netmask.

For FortiMail units operating in transparent mode you can also configure how the FortiMail management interface (mgmt) configuration is changed by HA. Also in transparent mode you can add individual network interfaces to the FortiMail transparent mode bridge.

Note: Using the add option to add a virtual IP address to a FortiMail interface gives the interface two IP

addresses: the virtual IP address and the actual IP address. The interface can receive traffic sent to both of these IP addresses. Normally you would configure your network (MX records, firewall policies, routing and so on) so that clients and mail services use the virtual IP address. All replies to sessions with the virtual IP address include the virtual IP address as the source address. All replies to sessions with the actual IP address include the actual IP address as the source address. All outgoing sessions that originate from this interface also use the virtual IP address of the interface and not the actual IP address. This means that all outbound mail or relayed mail packets sent from a FortiMail primary unit interface, configured with a virtual IP address, will have the virtual IP address of the primary unit interface as the source IP address. If you are using this interface to send outgoing email, you should configure your network devices (such as NAT firewalls) to process traffic from the virtual primary unit interface IP address.

Syntax

set system ha takeover <interface_str> {add bridge ignore set} <takeover_ipv4> <netmask_ipv4>

	FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
330	06-30004-0420-20080814

Image 330

Fortinet 3.0 MR4 manual System ha takeover

Contents

I R E F E R E N C E Trademarks Contents Get Set 122 157 167 198 237 275 Unset 353 Index 361 Page About the FortiMail Secure Messaging Platform About this document BODYH4You must authenticate to use this Execute restore config filenamestrAuthentication/TITLE/HEAD Service./H4 FortiMail documentation FortiMail QuickStart Guides Customer service and technical support Comments on Fortinet technical documentation What’s new Bypassbounceverify 06-30004-0420-20080814 CLI command syntax Set console page lengthintSet console Connecting to the CLI Set allowaccess ping https ssh snmp http telnet FortiMail-400 login WelcomeGet system interface CLI command branches To connect to the CLI using SSH Execute Backup config Execute backup config namestr serveripv4Execute restore Checklogdisk Execute checklogdiskExecute checkmaildisk Checkmaildisk Execute checkmaildiskExecute checklogdisk Clearqueue Execute clearqueue Factoryreset Execute factoryreset Execute formatmaildisk Execute formatmaildiskbackup FormatlogdiskExecute formatlogdisk Formatmaildisk Execute formatmaildisk Formatmaildiskbackup Execute formatmaildiskbackupExecute formatmaildisk Execute maintain mailqueue clear age 23d MaintainExecute maintain mailqueue clear age ageunit Execute clearqueue Nslookup Execute nslookup host mx nameserverExecute ping Execute traceroute Execute partitionlogdisk logint Partitionlogdisk Ping Execute ping hostname hostipv4Execute ping-option Ping-option Execute ping-option optionExecute ping Reboot Execute rebootExecute reload Execute reboot ReloadExecute reload Restore Execute restore config image namestr serveripv4Execute backup config Shutdown Execute shutdown Smtptest Execute smtptest ipv4addrport domain domainstrExecute smtptest 192.168.100.225 domain example.com Telnettest Execute telnettest hostipv4port Traceroute Execute traceroute hostipv4Execute maintain Execute ping Update config Execute update config Updatecenter updatenow Execute updatecenter updatenow Updatecenter updatenow Get Alertemail configuration Get alertemail configurationGet alertemail setting Alertemail setting Get alertemail configuration Antivirus Get antivirus Get as option Get History Auth Get auth imap pop3 radius smtp Get av profilename Config Get config searchstring Console Get console Fshd status Get fshd status Get ippolicy policynumber Is disabled, Difference are not allowedIppolicy Get ipprofile Ippool Get ippool namestrGet ipprofile Set ippool Set ippool addentry Ipprofile Get ipprofile profilename Get ippolicy Ldapprofile Get ldapprofile profile namestr Limits Get limits Log elog Get log elog Log logsetting Get log logsettingSet log setting local Set log setting syslog Log msisdn Get log msisdnSet log msisdn Set log view fields Log policy Get log policy Set log reportconfig qry Log queryGet log query Log reportconfig FortiMail v3.0 New Log view Get log view event history spam virus Mailserver Get mailserver Mailserver access Get mailserver access Mailserver archive Get mailserver archiveGet mailserver archive exemptlist local policy remote Mailserver localdomains Get mailserver localdomain Get mailserver smtp setting Mailserver smtp Mailserver systemquarantine Get mailserver systemquarantine Misc profile Get misc profilename Outcontent Get outcontent namestrGet outpolicy Get outprofile Get outcontent Get outprofile OutpolicyGet outpolicy namestr Get outcontent Get outpolicy OutprofileGet outprofile namestr Policy Get policy fqdn Spam deepheader Get spam deepheader Spam heuristic rules Get spam heuristic rules Spam retrieval policy Get spam retrieval policy fqdnstr System Get system item Time ntp Snmp thresholdStatus Time time Get userpolicy UserGet user item Alias Group Ldap map Mail Map Userpolicy Get userpolicy namestrGet user Page Set Alertemail configuration mailto Set alertemail configuration mailto noneSet alertemail deferq Set alertemail setting option 000 Alertemail deferqTriggervalue Intervalminutes Set alertemail setting option diskfull quotafull Alertemail setting optionSet alertemail setting option optionlist none Set alertemail configuration mailto Set alertemail deferq Set antivirus enable disable As blacklistaction Set as blacklistaction reject discard profileSet as profile modify whitelistword Expiryint As bounceverifyTagexpiry Set ipprofile sendervalidation As control autorelease Set as control autorelease delete release controlaccount As control bayesian Set as profile modify bayesian Set as profile modify actions As greylist Set as profile modify greylist As mmsreputation Set ipprofile mmsreputation As profile delete Set as profile namestr delete As profile modify actions Auto-release Enable disableAs profile modify auto-release Webrelease Set as profile namestr modify bannedword enable disable As profile modify bannedwordSet as profile modify bannedwordlist As profile modify bannedwordlist Set as profile modify bannedword As profile modify bayesian Set as control bayesian Headeranalysis Enable disable CheckipAs profile modify deepheader FortiMail v3.0 MR1 checkip and headeranalysis added As profile modify dictionary DictprofileDictint Set as profile namestr modify dnsbl enable disable As profile modify dnsblSet as profile modify dnsblserver Hoststr As profile modify dnsblserverSet as profile modify dnsbl Move-to newint Set as profile namestr modify forgedip enable disable As profile modify forgedip As profile modify fortishield Set as profile namestr modify greylist enable disable As profile modify greylist As profile modify heuristic As profile modify imagespam Aggressive Subject reject As profile modify individualaction scannerScanner bannedword Discard forward As profile modify quarantine Set as control autorelease Set as spamreportDays daysint As profile modify rewritercpt As profile modify scanoptions BypassonauthMaxsize sizeint Set as profile namestr modify surbl enable disable As profile modify surblSet as profile modify surblserver As profile modify surblserver Set as profile modify surblRename-to newstr Header As profile modify tagsHtag tagstr Stag tagstr Set as profile namestr modify virus enable disable As profile modify virus Set as profile namestr modify whitelistword enable disable As profile modify whitelistwordSet as profile modify whitelistwordlist As profile modify whitelistwordlist As spamreport Set as control autorelease Set as profile modify quarantine As trusted Auth imap rename-to Set auth imap namestr rename-to newstrSet auth imap server Serveripv4 Port portint Auth imap serverSet auth imap rename-to Option ssl secure Auth pop3 rename-to Set auth pop3 namestr rename-to newstrSet auth pop3 server Auth pop3 server Set auth pop3 rename-to110 Auth radius rename-to Set auth radius namestr rename-to newstrSet auth radius server Set auth radius rename-to Passwordstr DomainAuth radius server Serveripv4 Secret Auth smtp rename-to Set auth smtp namestr rename-to newstrSet auth smtp server Auth smtp server Set auth smtp rename-to Av delete Set av avprofname delete Av modify actions Set av avprofname modify actions discard reject Set av avprofname modify heuristic enable disable Av modify heuristic Av modify heuristic heuristicaction Set av avprofname modify scanner enable disable Av modify scanner Av rename-to Set av avprofname rename-to newnamestr Baudrate 9600 38400 57600 Mode batch lineSet system appearance Set system option Lineint Content delete Set content namestr deleteSet content modify filetype Set content modify monitor Content modify action Content modify bypassonauth Set content namestr modify bypassonauth enable disableSet content modify action Set content modify filetype Content modify defersize Set content namestr modify defersize sizeintSet content modify bypassonauth Set content modify filetype Filetypestr Content modify filetypeSet content modify action Set content modify monitor Blocked Content modify monitor Set content modify monitor action None Content modify monitor actionAction none Replace review 155 Fshd Set ippolicy policyint Set ippolicy delete Set ippolicy move Policyint Ippolicy actionSet ippolicy policyint action scan reject tempfail Scan Ippolicy as Set ippolicy policyint as namestr Ippolicy auth Ippolicy av Set ippolicy policyint av namestr Ippolicy content Set ippolicy policyint content namestr Ippolicy delete Set ippolicy policyint deleteSet ippolicy Set ippolicy move Set ippolicy policyint exclusive enable disable Ippolicy exclusive Ippolicy ip Set ippolicy policyint ip namestr Ippolicy match gateway and server modes Set ippolicy policyint match clientipv4/mask Clientipv4/mask Ippolicy match transparent modeSet ippolicy match gateway and server modes 0.0/0 Ippolicy move Set ippolicy policyint move newintSet ippolicy Set ippolicy delete Ippolicy smtp Set ippool namestr Set ippool Set ippool delentry Set ippool delete Get ippool Ippool addentrySet ippool namestr addentry ipv4 sizeint Ipv4 RangeIDint Ippool delentrySet ippool namestr delentry rangeIDint Set ippool Set ippool addentry Set ippool delete Get ippool Ippool delete Set ippool namestr delete 174 Ipprofile check Splice SenddsnSender Integer seconds Ipprofile connection Ipprofile delete Set ipprofile namestr deleteSet ipprofile rename Free int Ipprofile errorInitialdelay int Increment int Ipprofile headermanipulation Ipprofile limit Rset intEmails int Ipprofile list Ipprofile mmsreputation Ipprofile rename Set ipprofile namestr rename newstrSet ipprofile delete Ipprofile senderreputation Ipprofile sendervalidation 187 Ratecontrol Ipprofilesetting ratecontrolSet ipprofilesetting ratecontrol connection message Connection Antivirus avstr Ldapprofile profile asavAntispam asstr Asavstate Ldapprofile clearallcache Set ldapprofile clearallcache Ldapprofile profile auth Ldapprofile profile clearcache Set ldapprofile profile namestr clearcache Serveripv4 Ldapprofile profile fallbackserverFallbackserver hoststr 389 Ldapprofile profile group Ldapprofile profile option Ldapprofile profile pwd Ldapprofile profile routing Ldapprofile profile server Server hoststrSecure none ssl Ldapprofile profile user Ldapprofile profile user Set Adminint AdminperdomintLimits domain-level Limits system-level general DomainintProfilesint Limits system-level groups Set limits system-level groups groupsint membersint Limits system-level mail-users Set limits system-level mail-users usersint Limits system-level other-profiles Ipint Limits system-level policiesSet limits system-level policies ipint outgoingint Outgoingint 207 Set log msisdn enable disable Log policy destination event Log policy destination history Log policy destination spam Detected none Log policy destination virus Infected none Log reportconfig direction Domainname2 Log reportconfig domainDomainname1 Domainname3 Emailaddr2 Log reportconfig mailtoEmailaddr1 Emailaddr3 Log reportconfig period Log reportconfig qry Qry querystr1Querystr2 Querystr3 Days daysstr dates Log reportconfig schedule hourSchedule hour daily Datesint Severityinteger Log setting consoleEnable disable Loglevel Emergency Log setting local Log setting syslog Log setting syslog Set Log view fields Log view loglevel Loglevel eventHistory spam virus Loglevel Set move Patternstr AuthenticatedRule number Senderpattern Profilestr Permission ok MR4 Added authenticated and tlsprofileTlsprofile Relay reject Mailserver archive account Mailserver archive exemptlist Set mailserver archive exemptlist exemptid ? Mailserver archive local quota Set mailserver archive local quota quotaint Recipient subject Mailserver archive policySet mailserver archive policy policyid ? Body Mailserver archive remote Mailserver deadmail Set mailserver deadmail value Smtp Portnumber Mailserver portnumberPop3 Portnumber Smtps portnumber Mailserver proxy smtp interface Set mailserver proxy smtp unknown Set mailserver proxy smtp interface Mailserver proxy smtp unknownSet mailserver proxy smtp unknown hide original Hide Mailserver relayserver AuthenticationEnable disable Username namestr Port portnumber Mailserver smtp deferbigmsg Starttime hhmmStoptime hhmm Mailserver smtp delivery Set mailserver smtp delivery noesmtp yes no Mailserver smtp dsn Mailserver smtp ldapdomaincheck Mailserver smtp queue Mailserver smtpauth Set mailserver smtpssl enabled disabled Mailserver smtpssl Client type Type disableMailserver smtp storage Dir Mailserver smtp storage cquar Client serverSet mailserver smtp storage cquar type client Mailserver smtp storage cquar Set Set content modify action Set content modify monitor action Misc profile delete Set misc profile namestr deleteSet misc profile rename-to Misc profile modify quota Set misc profile namestr modify quota quotaintQuotaint Set misc profile namestr modify userstatus enable disable Misc profile modify userstatusUserstatus Misc profile modify webmailaccess Webmailaccess Misc profile rename-to Set misc profile namestr rename-to newstrSet misc profile delete Outcontent delete Set outcontent namestr delete Outcontent modify action Set outcontent modify action Set outcontent modify monitorForward reject Outcontent modify bypassonauth Set outcontent namestr modify bypassonauth enable disableSet outcontent modify action Set outcontent modify filetype Outcontent modify filetype Outcontent modify monitor action Reject replaceReview Outcontent modify monitor Set outcontent modify monitor actionTags header enable 259 Outpolicy profile delete Set outpolicy userstr deleteSet outpolicy move-to Set outpolicy rename-to Outpolicy modify Outpolicy move-to Set outpolicy userstr move-to newintSet outpolicy profile delete Set outpolicy rename-to Outpolicy rename-to Set outpolicy userstr rename-to newstrSet outpolicy profile delete Set outpolicy move-to Outprofile profile delete Set outprofile profile namestr deleteSet outprofile profile rename-to Review enable disable Outprofile profile modify actionsNamestr Outprofile profile modify bannedword Outprofile profile modify bannedwordlist Outprofile profile modify bayesian Outprofile profile modify deepheader Outprofile profile modify dictionary Set outprofile profile namestr modify dnsbl enable disable Outprofile profile modify dnsbl Outprofile profile modify dnsblserver Outprofile profile modify fortishield Outprofile profile modify greylist Enable disable Upper-level Outprofile profile modify heuristic Outprofile profile modify imagespam Outprofile profile modify individualaction scanner Action Outprofile profile modify scanoptions Set outprofile profile namestr modify surbl enable disable Outprofile profile modify surbl Outprofile profile modify surblserver Outprofile profile modify tags Set outprofile profile namestr modify virus enable disable Outprofile profile modify virus Outprofile profile modify whitelistword Set outprofile profile modify whitelistwordlist Outprofile profile modify whitelistwordlist Set outprofile profile modify whitelistword Outprofile profile rename-to Set outprofile profile namestr rename-to newstrSet outprofile profile delete 286 Policy delete Set policy fqdnstr deleteSet policy modify rename-to Policy modify addassociation Policy fqdnstrAddassociation fqdn Set policy fqdnstr modify bverifyaddr disable ldap smtp Policy modify bverifyaddrSet policy modify verifyaddr Policy modify fallback Fallbackhost Hostipv4Fallbackport Portint Policy modify ip Set policy fqdnstr modify issubdomain enable disable Policy modify issubdomain Policy modify ldap Set policy fqdnstr modify ldapasav state enable disableSet policy fqdnstr modify ldaprouting state enable disable Set policy fqdnstr modify ldapasav profile profilestr Policy modify mxflag Set policy fqdnstr modify mxflag 0 Fqdnstr Policy modify tpSet policy fqdnstr modify tp zoneintr yes no yes no Zoneintr Policy modify user Set policy delete Set policy modify rename-to Set policy modify bverifyaddr Smtp disablePolicy modify verifyaddr Verifyaddr ldap Policy modify rename-to Set policy fqdnstr rename-to newfqdnstrSet policy delete 95.0000 Set spam deepheader confidence confidenceintConfidence Confidenceint Set as control autorelease System admin Set system option Set user System appearance Set console System autoupdate pushaddressoverride Set system autoupdate pushaddressoverride disable System autoupdate pushupdate Set system autoupdate pushupdate enable disable System autoupdate schedule Set system autoupdate schedule enable disable every hhmmSet system autoupdate schedule enable disable daily hhmm Port portnum System autoupdate tunnelingAddress addrip4 Username Usernamestr System ddns Set system disclaimer allowdomain enable disable System disclaimer allowdomain System disclaimer incoming System disclaimer outgoing System dns System fortimanager Autobackup enable disableEnable disable Initiate enable disable Central-management System ha config Set system ha config portinteger timeoutintegerSet system ha config 20001 Cpeerinteger System ha takeover command DisabledAny Cpeeripv4 Netmaskipv4 Primary-localipv410.0.0.1 255.255.255.0 Set system ha interface port5 10.0.0.2 Set system ha interface port5 10.0.0.3Set system ha interface port5 10.0.0.4 317 System ha data Set system ha data dataportinteger timeoutintegerSet system ha config 20002 Dataportinteger System ha datadir Ports hd System ha lserviceSet system ha lservice pprts 30 Checktimeinteger Set system ha mode cmaster System ha modeSet system ha mode mode Mode mode Heartbeatportinteger System ha monitorSet system ha monitor port 20000 20 20000 323 System ha on-failure Set system ha on-failure off restore slaveRestore Set system ha on-failure slave System ha passwd Set system ha passwd passwdstrSet system ha passwd Passw4D Set system ha remote-as-heartbeat enable disable Set system ha remote-as-heartbeat enableSystem ha remote-as-heartbeat Set system ha resync System ha restart restore resyncSet system ha restart restore resync Restart System ha rservice Set system ha rservice pop 10.10.10.2 25 30 20 System ha takeover Set system ha takeover port5 add 10.10.10.2 System ha takeover System hostname Set system hostname hostnamestr System interface config Connection Disable System interface mode dhcpSet system interface intfstr mode dhcp Defaultgw Disable System interface mode static Set system interface intfstr mode static ip addrip4 maskip4 System opmode Set system opmode gateway server transparent Set system admin Set system appearance System optionSet system option option1 value1 System route number System snmp community Set system snmp sysinfo threshold System snmp sysinfo threshold Set system snmp community System time manual Set system time ntp System time ntp Set system time manual Set system admin Set user System usrgrp Set user map internalname intstr externalname extstr Set user alias name namestr member addr addrSet user alias name namestr addmember addr addr Set user ldap map domain domainname profile ldapprofilename User pki Userpolicy delete Set userpolicy move-to Set userpolicy rename-toSet userpolicy namestr delete Avstr Userpolicy modifyAsstr Miscstr Userpolicy move-to Set userpolicy delete Set userpolicy rename-toSet userpolicy namestr move-to newint Userpolicy rename-to Set userpolicy delete Set userpolicy move-toSet userpolicy namestr rename-to newstr 352 Unset Unset alertemail configuration Unset ldapprofile profile namestr Unset log reportconfig namestr Unset mailserver configuration Unset system configuration Alias name aliasstr Unset user configurationUser transparent and gateway Map name mapstr User server Group name groupstrLdap map domain domainint Index Dkim 186 DNS 363 Smtp 365 366