Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 41 FortiWeb 5.0 Patch 6 Administration Guide

Failover is triggered by any interruption to either the heartbeat or a port monitored network

interface whose length of time exceeds your configured limits (Detection Interval x Heartbeat

Lost Threshold). When the active (“main”) appliance be

comes unresponsive, the standby

appliance:

1. Notifies the network via ARP that the network interf

ace IP addresses (including the IP

address of the bridge, if any) are now associated with its virtual MAC addresses

2. Assumes the role of the active appliance and scans network traffic

To keep the standby appliance ready in case of a failover, HA pairs also use the heartbeat link to

automa

tically synchronize most of their configuration. Synchronization includes:

• core CLI-style configuration file (fwb_system.conf)

• X.5

09 certificates, certificate request files (CSR), and private keys

• HTTP error pages

• FortiGuard IRIS Service database

• FortiGuard Security Service files (attack signatures, predefined data types & suspicious

URLs, known web crawlers & content scrapers, global white list, vulnerability scan

signatures)

• Geography-to-IP database

and occurs immediately when an appliance joins the cluster, and thereafter every 30 seconds.

Although they are not automatically synchronized for performance reasons due to large size and

fr

equen

t updates, you can manually force HA to synchronize FortiGuard Antivirus signatures.

For instructions, see execute ha synchronize in the FortiWeb CLI Reference. For a list of

settings and data that are not synchr

oni

zed, see “Data that is not synchronized by HA” and

“Configuration settings that are not synchronized by HA”.

See also

• Configuring a high availability (H

A) FortiWeb cluster

• Replicating the configuration without FortiWeb HA (external HA)

Data that is not synchronized by HA

In addition to HA configuration, some data is also not synchronized.

• FortiWeb HTTP sessions — FortiWeb appliances can use cookies to add and track its own

sessions, functionality that is not inherently provided by HTTP. For more information, see

“HTTP sessions & security” on page 34. This state-tracking data corresponds in a 1:1 ratio

If you do not want to configure HA (perhaps you have a separate network appliance

implementing HA externally), you can still replicate the FortiWeb’s configuration on another

FortiWeb appliance. For more information, see

“Replicating the configuration without FortiWeb

HA (external HA)” on page 107

previous next