FortiGate
hrahuman_FTNT
Article Id 197972

Description

 

This article describes how, when HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, send SNMP traps, access remote authentication servers (for example, RADIUS, LDAP), and connect to FortiSandbox or FortiCloud.


Scope

 

FortiGate: logging, management interface.


Solution

 

Once the HA management interface has been configured, enable HA-direct globally:
 
config system ha
    set ha-direct enable
end
 

In many cases, HA-direct can also be enabled only for appropriate features, such as SNMP or an LDAP server configuration. For example, in SNMPv3:

 

config system snmp user
    edit snmpv3-user
        set ha-direct enable
    next
end
 
 

Note:

This setting alters the traffic flow. Enabling it may cause requests to time out, so that the FortiGate appears unresponsive. This occurs because the response to a request is sent on a different interface, from which the packet may not be routed back to the requester.
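
A way to check a configuration backup for the settings above before the traffic flow changes, as an added example (not Fortinet's code). It lists where ha-direct is enabled, globally and per feature, and flags the case where no HA management interface exists to carry that traffic. The sample backup, the port10 name and the gateway check are assumptions made for this example.

```python
import shlex

# Constructed sample backup (not from a real device); port10 is a placeholder.
SAMPLE = """
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port10"
        next
    end
    set ha-direct enable
end
config system snmp user
    edit "snmpv3-user"
        set ha-direct enable
    next
end
"""

def settings(text):
    """Return (path, key, value) for every 'set' line, tracking config/edit nesting."""
    stack, out = [], []
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote inside a value
            tok = raw.split()
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:] if tok[0] == "config" else tok))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 1:
            out.append((tuple(stack), tok[1], " ".join(tok[2:])))
    return out

def audit_ha_direct(text):
    s = settings(text)
    ha = {k: v for p, k, v in s if p == ("system ha",)}
    mgmt = {p for p, k, _ in s if p[:2] == ("system ha", "ha-mgmt-interfaces") and k == "interface"}
    gw = {p for p, k, _ in s if p[:2] == ("system ha", "ha-mgmt-interfaces") and k == "gateway"}
    scoped = sorted(" / ".join(p) for p, k, v in s
                    if k == "ha-direct" and v == "enable" and p != ("system ha",))
    enabled = ha.get("ha-direct") == "enable"
    findings = []
    if (enabled or scoped) and (ha.get("ha-mgmt-status") != "enable" or not mgmt):
        findings.append("ha-direct enabled without an HA management interface")
    if (enabled or scoped) and mgmt - gw:   # assumption: off-subnet servers need a gateway
        findings.append("HA management interface has no gateway set")
    return {"global": enabled, "scoped": scoped, "findings": findings}
```

Running `audit_ha_direct(SAMPLE)` reports the global setting, the SNMPv3 user entry, and the missing gateway on the management interface.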