Introduction
HA (High Availability):
Multiple devices form a redundant group and automatically perform role switching (failover).
Minimum Requirements
1. The cluster consists of 2 to 4 FortiGate units of the same model and with the same license.
2. There must be at least one heartbeat link between the FortiGate devices.
Active-Passive HA
1. Only one unit is active; the other standby FortiGate units do not process traffic.
2. Election order (the larger value wins):
Monitored ports > HA uptime > Priority > Serial Number
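3. Content synchronized via FGCP (heartbeat):
DHCP, routing table, IPsec SAs, sessions...
4. Content that cannot be synchronized via FGCP (heartbeat):
Hostname, management interface, GUI, HA override, HA priority, service subscriptions...
5. The new primary automatically adopts the same virtual MAC as the original primary.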
Configuration
System > HA
# Mode
Mode > Active-Passive
# Device Priority(0~255)
Device priority > 200
# Group Name
Group name > HA_demo
# Password
Password > "your_password"
# Monitor
Monitor interfaces > "WAN1 WAN2"
# Heartbeat
Heartbeat interfaces > "port3 port4"
# Preemption (override)
config system ha
set override enable
end
Troubleshooting
# Check HA status
diagnose sys ha status
# Check synchronization status - the checksums should be identical
diagnose sys ha checksum cluster
# View the HA uptime difference
diagnose sys ha dump-by vcluster
FGT1:...uptime/reset_cnt=7814(unit used to measure the difference)/0(number of times HA has been reset on this device)
FGT2:...uptime/reset_cnt=0/1
# Manually force a failover
diagnose sys ha reset-uptime
# View the virtual MAC
get hardware nic "port1"
Check
Plugging in the network cable causes a temporary "unsynced" state,
after which the devices transition to "sync".
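The election order above, and why "set override enable" and "diagnose sys ha reset-uptime" change the winner, modelled as an added example (not Fortinet code and not part of the original notes). Assumptions not stated in these notes: with override enabled Priority is compared before HA uptime, and uptime differences under 300 seconds are ignored; member names, serials and values are constructed.

```python
from dataclasses import dataclass

# Assumption: uptime differences below this margin do not count
# (FortiOS ha-uptime-diff-margin, default 300 s; not stated in these notes).
UPTIME_MARGIN_S = 300

@dataclass
class Member:
    name: str
    monitored_up: int  # number of connected monitored interfaces
    uptime_s: int      # HA uptime in seconds
    priority: int      # device priority, 0-255
    serial: str

def elect_primary(members, override=False, margin_s=UPTIME_MARGIN_S):
    """Return the election winner; the larger value wins at every step."""
    def top(cands, key):
        best = max(key(m) for m in cands)
        return [m for m in cands if key(m) == best]

    def by_ports(c): return top(c, lambda m: m.monitored_up)
    def by_priority(c): return top(c, lambda m: m.priority)
    def by_serial(c): return top(c, lambda m: m.serial)
    def by_uptime(c):
        longest = max(m.uptime_s for m in c)
        # Members within the margin of the longest uptime count as tied.
        return [m for m in c if longest - m.uptime_s < margin_s]

    # Notes: Monitored ports > HA uptime > Priority > Serial Number.
    # Assumption: override enabled moves Priority ahead of HA uptime.
    steps = [by_ports, by_uptime, by_priority, by_serial]
    if override:
        steps = [by_ports, by_priority, by_uptime, by_serial]
    cands = list(members)
    for step in steps:
        cands = step(cands)
        if len(cands) == 1:
            break
    return cands[0]

if __name__ == "__main__":
    # Constructed sample cluster: FGT1 has been up longer, FGT2 has higher priority.
    fgt1 = Member("FGT1", 2, 2000, 100, "SN0001")
    fgt2 = Member("FGT2", 2, 1219, 200, "SN0002")
    print("override off:", elect_primary([fgt1, fgt2]).name)
    print("override on: ", elect_primary([fgt1, fgt2], override=True).name)
    fgt1.uptime_s = 0  # effect of "diagnose sys ha reset-uptime" on FGT1
    print("after reset-uptime on FGT1:", elect_primary([fgt1, fgt2]).name)
```
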