FortiGate
dbabic
Staff
Article Id 189957

DESCRIPTION:

This article explains HA port monitoring of HA heartbeat interfaces and HA port monitoring during cluster maintenance operations.

SOLUTION:

Purpose of HA Port Monitoring:

Configure HA port monitoring by setting Monitor Priorities in the web-based manager, or with the set monitor command under config system ha in the CLI.
The purpose of port monitoring is to trigger an HA fail-over when a monitored interface link goes down. The fail-over causes the cluster to renegotiate and re-select the primary unit.
If a monitored interface on the primary unit fails, the cluster selects a new primary unit so that the connection to the network with the monitored interface can be maintained.
The HA fail-over can also trigger alert email, SNMP traps, and syslog messages to alert the system administrator to a problem with connections to the cluster that might otherwise have gone un-noticed.

Disable port monitoring during maintenance operations:

It is strongly recommended to disable port monitoring for all interfaces during maintenance operations to prevent unexpected fail-over events if a network cable is disconnected by mistake.
It is also strongly recommended to disable HA port monitoring on all interfaces before performing the following operations on a cluster:
- Adding a unit to a cluster
- Removing a unit from a cluster

Also consider running the following command on both nodes to check the status of the interfaces:
#diagnose sys ha dump-by all-vcluster    <----- FortiOS 5.4 and below
#diagnose sys ha dump-by group           <----- FortiOS 5.6 and above

The aim is to verify the state, priority, override and monitored port of each single unit.

When should HA port monitoring be enabled on an interface?

Enable HA port monitoring on an interface when it is required that the cluster maintain a link to the network connected to the monitored interface.
A link can go down if a FortiGate unit interface experiences a hardware failure, if a network cable is disconnected, if an interface on a switch that is connected to a cluster fails, or if an entire switch fails or is powered off.

About port monitoring on interfaces used for HA heartbeat:

Do not configure port monitoring for HA interfaces that are just being used as HA heartbeat devices. This is a common configuration mistake. The HA heartbeat protocol includes its own interface monitoring.
If an interface is used as a heartbeat device and also for network traffic, configure port monitoring for this interface to provide fail-over protection for the network traffic on the interface. If port monitoring is not enabled and an interface fails, the HA heartbeat will fail over to another interface, but the network traffic will not.

What can happen if HA port monitoring is enabled on a dedicated HA heartbeat interface that uses a cross-over cable?

It is possible to add a new subordinate unit (slave) to a cluster by setting the unit to factory default settings. Then, configure the new subordinate unit with HA settings that match the current cluster HA settings.
When the new subordinate unit is connected to the cluster and powered on, the subordinate unit is added to the cluster and the primary unit synchronizes the new subordinate unit's configuration.
If port monitoring is configured on an HA heartbeat interface and the HA heartbeat interface is connected using a crossover cable (instead of a switch), then when the new subordinate unit attempts to join the cluster, the subordinate unit configuration may overwrite the primary unit configuration, causing an unexpected network outage.
This can happen regardless of how HA priorities are set. This does not happen if HA port monitoring is not enabled for the HA heartbeat interface.
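As an added example (not part of the Fortinet article), the following Python check parses a FortiOS "config system ha" block and flags interfaces that appear in both set hbdev and set monitor, which is the configuration mistake described above for heartbeat-only interfaces. The sample configuration is constructed; the function names are assumptions.

```python
import shlex

# Constructed sample of a FortiOS "config system ha" block, not taken from a real device.
# port3 is a heartbeat device and is also port-monitored, which is the mistake to catch.
SAMPLE_HA_CONFIG = """\
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port3" 50 "port4" 50
    set monitor "port1" "port2" "port3"
end
"""


def parse_ha_block(text):
    """Return {setting: [tokens]} for every 'set ...' line inside 'config system ha'."""
    settings = {}
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config system ha":
            inside = True
            continue
        if inside and line == "end":
            break
        if inside and line.startswith("set "):
            tokens = shlex.split(line)  # shlex handles the quoted interface names
            settings[tokens[1]] = tokens[2:]
    return settings


def heartbeat_devices(settings):
    """hbdev is a list of alternating interface / priority tokens; keep the interfaces."""
    return set(settings.get("hbdev", [])[::2])


def monitored_devices(settings):
    return set(settings.get("monitor", []))


def port_monitoring_enabled(text):
    """True if any interface is monitored; should be False before cluster maintenance."""
    return bool(monitored_devices(parse_ha_block(text)))


def monitored_heartbeat_ports(text):
    """Interfaces that are both HA heartbeat devices and port-monitored.
    Each one needs review: acceptable only if it also carries network traffic,
    a misconfiguration if it is a dedicated heartbeat link."""
    settings = parse_ha_block(text)
    return sorted(heartbeat_devices(settings) & monitored_devices(settings))
```

Run the check against the output of "show system ha" from each cluster member before adding or removing a unit.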
