Fortinet 5.0 Patch 6 Improving fault tolerance

Fortinet 623 FortiWeb 5.0 Patch 6 Administration Guide

Vulnerability scan performance depends on the speed and reliability of your network. It also can

be impacted by your configuration. See “Delay Between Each Request” on page 510.

Packet capture can be useful for troubleshooting but can be resource intensive. (See “Packet

capture” on page 633.) To minimize the performance impact on your FortiWeb appliance, use

packet capture only during periods of minimal traffic. Use a local console CLI connection rather

than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.

Improving fault tolerance

To enhance availability, set up two FortiWeb appliances to act as an active-passive high

availability (HA) pair. If your main FortiWeb appliance fails, the standby FortiWeb appliance can

continue processing web traffic with only a minor interruption. For details, see “Configuring a

high availability (HA) FortiWeb cluster” on page 97.

Keep these points in mind when setting up an HA pair:

• Isolate HA interface connections from your overall network.

Heartbeat and synchronization packets contain sensitive configuration information and can

consume considerable network bandwidth. For best results, directly connect the two HA

interfaces using a crossover cable. If your system uses switches instead of crossover cables

to connect the HA heartbeat interfaces, those interfaces must be reachable by Layer 2

multicast.

• When configuring an HA pair, pay close attention to the options ARP Packet Numbers and

ARP Packet Interval.