Configuring High Availability in FortiVoice


FortiVoice units operate in active-passive high availability (HA) mode, which allows for data synchronization and decreases the chances of data loss in the event of hardware failure.

This recipe guides you through the process of configuring HA mode in FortiVoice and monitoring the HA status.

To configure FortiVoice units operating in HA mode you typically only need to connect the primary unit (master), since the primary unit’s configuration synchronizes with the secondary units (slave).
Note: All units in the HA group must be the same model and have the same firmware version. 

General Configurations

First we’ll need to perform some general configurations to enable high availability mode on your unit. 

  1. Physically connect the FortiVoice units that will be members of the HA group. Connect both the primary and secondary heartbeat interface.
  2. Enable the HA mode on each member of the group that you want to use and select the individual member to act as a primary or secondary unit.
  3. Configure the local IP addresses of both the primary and secondary heartbeat.
  4. Configure a virtual IP address shared between the HA group and then configure the failover behavior. For more information on configuring failover, see the “Configuring service-based failover” section of the Administrator Guide.

Configuring HA mode and group

Before we configure the HA mode and group, we’ll need to enable the logging of HA activity. To do this, go to Log & Report > Log Settings > Local Log Settings and enabling HA  in the Logging Policy Configuration section under Event Log.

To enable and configure HA

  1. Go to System > High Availability > Configuration.
  2. Select master from the Mode of operation dropdown menu if the FortiVoice unit is the primary unit in the active-passive HA group, or slave if it is the secondary unit. This enables HA.
  3. Select the desired action you want your FortiVoice unit to take when it detects a failure, such as a power failure. 
  4. Enter an HA password for the HA group. You must use the same password for both the primary and secondary units.
  5. Expand the advanced options. Leave the HA base port value at default and enter the total span of time that the primary unit can be unresponsive before it triggers a failover and the secondary unit assumes the role of the primary unit.
  6. Enable remote services as heartbeat to use remote service monitoring as a secondary HA heartbeat. When this is enabled and both the primary and secondary heartbeat links fail a failover will not occur. 
  7. Expand the interface section and enable any ports to monitor in case of failover.

The service monitor options requires a bit more explanation so we’ll cover that on its own in the next section.



Configuring Service-based Failover

HA service monitoring settings are not synchronized and need to be configured on each primary and secondary unit. If service monitor detects a failure, the effective HA operating mode of the primary unit switches to off or failed. A failover occurs and the effective HA operating mode of the secondary unit switches to master. Service monitoring provides extra protection.

To configure service monitoring

  1. Go to System > High Availability > Configuration.
  2. Select master or slave as the mode of operation.
  3. Expand the service monitor area and then select Remote HTTP and then Edit
  4. Select enable and enter the IP address, port number of the SMTP service, and timeout period. 
  5. Do the same for SIP UDP.
  6. Edit Interface monitor and Local hard drives and enable both.