Fortinet 5.0 Patch 6

Fortinet 43 FortiWeb 5.0 Patch 6 Administration Guide

See also

•Data that is not synchronized by HA

•Configuring a high availability (HA) FortiWeb cluster

•HA heartbeat & synchronization

Network interfaces

(reverse proxy or

offline protection

mode only)

Bridge

(true transparent

proxy or transparent

inspection mode

only)

Only the FortiWeb appliance acting as the main appliance, actively

scanning web traffic, is configured with IP addresses on its network

interfaces (or bridge).

The standby appliance will only use the configured IP addresses if a

failover occurs, and the standby appliance therefore must assume the

role of the main appliance. See “Configuring the network interfaces” on

page 113 or “Configuring a bridge (V-zone)” on page 122.

Management IP

address

(true transparent

proxy or transparent

inspection mode

only)

Each FortiWeb appliance in the HA group should be configured with

different management IP addresses for administrative purposes. See

“Setting the operation mode” on page 94.

SNMP system

information

Each FortiWeb appliance in the HA group will have its own SNMP system

information, including the Description, Location, and Contact. See

“SNMP traps & queries” on page 580.

RAID level RAID settings are hardware-dependent and determined at boot time by

looking at the drives (for software RAID) or the controller (hardware RAID),

and are not stored in the system configuration. Therefore, they are not

synchronized. See “RAID level & disk statuses” on page 541.

HA active status

and priority

The HA configuration, which includes Device Priority, is not synchronized

because this configuration must be different on the primary and

secondary appliances.

FortiGuard

Antivirus packages

This package is large and frequently updated, and therefore is not usually

synchronized for performance reasons. You can, however, force

synchronization. For details, see exec ha sync in the FortiWeb CLI

Reference.

Note: Unless you force an HA sync of this package, the standby may

initially use an out-of-date package after failover, until it has a chance to

synchronize with FortiGuard. For this reason, you should configure HA

pairs with more frequent FortiGuard update polls. See “Connecting to

FortiGuard services” on page 134.

Setting Explanation