Fortinet 42 FortiWeb 5.0 Patch 6 Administration Guide
to request volume, and therefore can change very rapidly. To minimize the performance
impact on an HA cluster, this data is not synchronized.
•SSL/TLS sessions — HTTPS connections are stateful in that they must be able to
remember states such as the security associations from the SSL/TLS handshake: the
mutually supported cipher suite, the agreed parameters, and any certificates involved.
Encryption and authentication in SSL/TLS cannot function without this. However, a new
primary FortiWeb’s lack of existing HTTPS session information is gracefully handled by
re-initializing the SSL/TLS session with the client.This does not impact to the encapsulated
HTTP application, has only an initial failover impact during re-negotiation, and therefore is
not synchronized.
•Log messages — These describe events that happened on that specific appliance. After a
failover, you may notice that there is a gap in the original active appliance’s log files that
corresponds to the period of its down time. Log messages created during the time when the
standby was acting as the active appliance (if you have configured local log storage) are
stored there, on the original standby appliance. For more information on configuring local log
storage, see “Configuring logging” on page 545.
•Generated reports — Like the log messages that they are based upon, PDF, HTML, RTF,
and plain text reports also describe events that happened on that specific appliance. As
such, report settings are synchronized, but report output is not. For information about this
feature, see “Reports” on page 586.
•Auto-learning data — Auto-learning is a resource-intensive feature. To minimize the
performance impact on an HA cluster, this data is not synchronized. For information about
this feature, see “Auto-learning” on page 151.
See also
•Configuring a high availability (HA) FortiWeb cluster
•Configuration settings that are not synchronized by HA
•HA heartbeat & synchronization
Configuration settings that are not synchronized by HAAll configuration settings on the active appliance are synchronized to the standby appliance,
except the following:
Failover will not break web applications’ existing sessions, which do not reside on the
FortiWeb, and are not the same thing as FortiWeb’s own HTTP sessions. The new active
appliance will allow existing web application sessions to continue. For more information, see
“FortiWeb sessions vs. web application sessions” on page 37.
FortiWeb sessions are used by some FortiWeb features. After a failover, these features
may not work, or may work differently, for existing sessions. (New sessions are not
affected.) See the description for each setting that uses session cookies. For more
information, see “Sessions & FortiWeb HA” on page 39.
Setting Explanation
Operation mode You must set the operation mode of each HA group member before
configuring HA. See “Setting the operation mode” on page 94.
Host name The host name distinguishes each member of the FortiWeb HA cluster.
See “Changing the FortiWeb appliance’s host name” on page 519.