Fortinet 623 FortiWeb 5.0 Patch 6 Administration Guide
Vulnerability scan performance
Vulnerability scan performance depends on the speed and reliability of your network. It also can
be impacted by your configuration. See “Delay Between Each Request” on page 510.
Packet capture performance
Packet capture can be useful for troubleshooting but can be resource intensive. (See “Packet
capture” on page 633.) To minimize the performance impact on your FortiWeb appliance, use
packet capture only during periods of minimal traffic. Use a local console CLI connection rather
than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.
Improving fault toleranceTo enhance availability, set up two FortiWeb appliances to act as an active-passive high
availability (HA) pair. If your main FortiWeb appliance fails, the standby FortiWeb appliance can
continue processing web traffic with only a minor interruption. For details, see “Configuring a
high availability (HA) FortiWeb cluster” on page 97.
Keep these points in mind when setting up an HA pair:
• Isolate HA interface connections from your overall network.
Heartbeat and synchronization packets contain sensitive configuration information and can
consume considerable network bandwidth. For best results, directly connect the two HA
interfaces using a crossover cable. If your system uses switches instead of crossover cables
to connect the HA heartbeat interfaces, those interfaces must be reachable by Layer 2
multicast.
• When configuring an HA pair, pay close attention to the options ARP Packet Numbers and
ARP Packet Interval.