High availability
Diagnostic tools
Go to System Settings > Network then select the Diagnostic Tools button. Here, you can use the available diagnostic tools, including Ping, and Traceroute.
Diagnostic tools
Ping diagnostics output
Traceroute diagnostics output
High availability
FortiManager high availability (HA) provides a solution for a key requirement of critical enterprise management and networking components: enhanced reliability. Additional FortiManager units can be configured to provide failover protection for the primary FortiManager unit.
Configuring HA options
To configure HA options go to System Settings > HA. From here you can configure FortiManager units to start an HA cluster or you can change the HA configuration of the cluster.
Cluster settings
High availability
Configure the following settings:
Cluster Status Displays the cluster status include mode, serial number, IP address, enable, status, module data synchronized (bytes), and pending module data (bytes) for each cluster member.
Cluster Settings
Operation Mode Select Master to configure the FortiManager unit to be the primary unit in a cluster. Select Slave to configure the FortiManager unit to be a backup unit in a cluster. Select Standalone to stop operating in HA mode.
Peer IP Version Select the IP version from the drop-down list.
Peer IP Type the IP address of another FortiManager unit in the cluster. For the primary unit you can add up to four Peer IPs for up to four backup units. Select the add icon to add peers. Select the delete icon to remove a peer. For a backup unit you add the IP address of the primary unit.
Peer SN Type the serial number of another FortiManager unit in the cluster. For the primary unit you can add up to four Peer serial numbers for up to four backup units. For a backup unit you add the serial number of the primary unit.
Cluster ID A number that identifies the HA cluster. All members of the HA cluster must have the same group ID. If you have more than one FortiManager HA cluster on the same network, each HA cluster must have a different group ID.
The FortiManager Web-based Manager browser window title changes to include the Group ID when FortiManager unit is operating in HA mode.
Range: 0 to 64
High availability
Group Password A password for the HA cluster. All members of the HA cluster must have the same group password. The maximum password length is 19 characters. If you have more than one FortiManager HA cluster on the same network, each HA cluster must have a different password.
File Quota Configure the maximum hard limit of hard disk space that the HA master can use to synchronize data to the slaves. Once the limit is reached, HA will reset itself instead of taking up more disk space.
Range: 2048 to 20480 (MB)
Default: 4096 (MB)
Heartbeat Interval The time in seconds that a cluster unit waits between sending heartbeat packets. The heartbeat interval is also the amount of time that a FortiManager unit waits before expecting to receive a heartbeat packet from the other cluster unit. You cannot configure the heartbeat interval of the backup units.
Range: 1 to 255 (seconds)
Default: 5 (seconds)
Failover Threshold The number of heartbeat intervals that one of the cluster units waits to receive HA heartbeat packets from other cluster units before assuming that the other cluster units have failed. You cannot configure the failover threshold of the backup units. In most cases you do not have to change the heartbeat interval or failover threshold. The default settings mean that if the a unit fails, the failure is detected after 3 x 5 or 15 seconds; resulting in a failure detection time of 15 seconds. If the failure detection time is too short the HA cluster may detect a failure when none has occurred. For example, if the primary unit is very busy it may not respond to HA heartbeat packets in time. In this situation, the backup unit may assume that the primary unit has failed when the primary unit is actually just busy. Increase the failure detection time to prevent the backup unit from detecting a failure when none has occurred.
If the failure detection time is too long, administrators will be delayed in learning that the cluster has failed. In most cases, a relatively long failure detection time will not have a major effect on operations. But if the failure detection time is too long for your network conditions, then you can reduce the heartbeat interval or failover threshold.
Range: 1 to 255 (seconds)
Default: 3 (seconds0
Download Debug Log Select to download the debug log. HA related activities are auto logged.
To configure a cluster, you must set the mode of the primary unit to Master and the modes of the backup units to Slave.
Then you must add the IP addresses and serial numbers of each backup unit to primary unit peer list. The IP address and serial number of the primary unit must be added to each of the backup unit HA configurations. Also, the primary unit and all backup units must have the same ClusterID and Group Password.
You can connect to the primary unit Web-based Manager to work with FortiManager. Because of configuration synchronization you can configure and work with the cluster in the same way as you would work with a standalone FortiManager unit.
When the cluster is operating, from the primary unit Web-based Manager you can change HA settings. For example you might want to change the heartbeat interval and failover threshold to fine tune the failure detection time. You should also change the password and Cluster ID to be different from the default settings.
For more information on High Availability, see High Availability.
Admin
The System Settings > Admin menu enables you to configure administrator accounts, access profiles, and adjust global administrative settings for the FortiManager unit. The following menu options are available:
Administrator Select to configure administrative users accounts. For more information, see Administrator.
Profile Select to set up access profiles for the administrative users. For more information, see Profile.
Workflow Approval Select to create a new approval matrix or edit/delete an existing approval matrix. For more information, see Workflow Approval.
Remote Auth Server Select to configure authentication server settings for administrative log in. For more information, see Remote authentication server.
Admin Settings Select to configure connection options for the administrator including port number, language of the Web-based Manager and idle timeout. For more information, see Administrator settings.
Monitoring administrator sessions
The Current Administrators view enables you to view the list of administrators logged into the FortiManager unit. From this window you can also disconnect users if necessary.
To view logged in administrators on the FortiManager unit, go to System Settings > Dashboard. In the System Information widget, under Current Administrators, select Detail. The list of current administrator sessions appears.
Administrator session list