Created on 11-18-2004 12:00 AM Edited on 02-10-2023 03:00 AM By Jean-Philippe_P
Description | This article describes how to configure HA heartbeat encryption and authentication. |
Scope | All FortiGate higher-end models. |
Solution |
It is possible to enable or disable HA heartbeat encryption and authentication to encrypt and authenticate HA heartbeat packets.
HA heartbeat packets should be encrypted and authenticated if the cluster interfaces that send HA heartbeat packets are also connected to your networks.
If HA heartbeat packets are not encrypted, the cluster password will be exposed.
If HA heartbeat packets are not authenticated, an attacker may be able to sniff HA packets to get cluster information.
Enabling HA encryption and authentication could reduce cluster performance.
Command syntax.
# config system ha
authentication {disable | enable}
Enable/disable HA heartbeat message authentication. Enabling HA heartbeat message authentication prevents an attacker from creating false HA heartbeat messages. False HA heartbeat messages could affect the stability of the cluster. Authentication is disabled by default.
encryption {disable | enable}
Enable/disable HA heartbeat message encryption. Enabling HA heartbeat message encryption prevents an attacker from sniffing HA packets to get HA cluster information. Encryption is disabled by default. |