Created on 10-29-2007 12:00 AM
Description | Using the same FortiMail network interface for HA synchronization and other network traffic is not recommended. If other network traffic, HA heartbeat traffic, and HA synchronization traffic all use the same network interface, the operation of the HA group could be interrupted. |
Components |
|
Steps or Commands | It is recommended to isolate FortiMail high availability (HA) traffic from other network traffic. Heartbeat and synchronization packets contain sensitive configuration information and can consume considerable network bandwidth. For an active-passive or a config only HA group consisting of only two FortiMail units, directly connect the network interfaces that are being used for HA traffic using a crossover cable. For a config only HA group consisting of more than two FortiMail units, connect the network interfaces that are being used for HA traffic to a switch and do not connect this switch to your overall network. If you use the same network interface for other types of network traffic, HA heartbeat traffic, and HA synchronization traffic, the HA group could lose HA heartbeat packets. Losing HA heartbeat packets interrupts the operation of the FortiMail HA group. For example, an active-passive HA group can experience a split brain scenario where both of the FortiMail units in the HA group become primary units. Two primary units connected to the same network may cause address conflicts on your network because matching network interfaces will have the same IP addresses. Also, because the HA link is interrupted, the FortiMail units in the HA group cannot synchronize configuration changes or mail data changes. As a result, in general, you should use the default HA interface for HA heartbeat and HA synchronization traffic, and use network interfaces such as port1 and port2 for other network traffic. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.