HA II

The cluster assigns virtual IP addresses to heartbeat interfaces based on each FortiGate’s serial number, what subnet use?

FortiGates keep their heartbeat virtual IP addresses regardless of any change in their role (primary or secondary).: - The IP address assignment changes only when a FortiGate leaves or joins cluster.

Heartbeat communication can be enabled for physical interfaces, but not for: (Select 5)

As a best practice, in the moment a cluster is up and running and all interfaces are connected is recommended enabling interface monitoring. A monitored interface can easily become disconnected during initial setup and cause failovers to occur before the cluster is fully configured and tested.

Incremental synchronization: After the initial synchronization is complete, the primary will send any further configuration changes done by an administrator to all the secondaries. For example, if you create a firewall address object, the primary doesn't resend its complete configuration, it sends just the new object.

When a new FortiGate is added to the cluster, the primary FortiGate compares its configuration checksum with the new secondary FortiGate configuration checksum. If the checksums don't match, the primary FortiGate uploads its complete configuration to the secondary FortiGate.

Types of HA sync

How many second check the cluster that all devices are synchronized:

If any secondary is out of sync, the checksum of secondary devices is then checked every

If checksums don't match for five consecutive checks:

Not all the configuration settings are synchronized. There are a few that are not, such as: - The system interface settings of the HA reserved management interface and the HA default route for the reserved management interface - In-band HA management interface - HA override - HA device priority - The virtual cluster priority - The FortiGate host name - The HA priority setting for a ping server (or dead gateway detection) configuration - Licenses - Caches

Session synchronization: The synchronization of SSL VPN sessions is supported.

Session synchronization (Select 4)

What information is synchronized between two FortiGate devices that belong to the same HA cluster?

Which one of the following session types can be synchronized in an HA cluster?

[blank_start]A device failover[blank_end] is basically triggered when the primary FortiGate stops sending heartbeat traffic. When this happens, the secondaries renegotiate a new primary. [blank_start]A link failover[blank_end] occurs when the link status of a monitored interface on the primary FortiGate goes down. You can configure an HA cluster to monitor the link status of some interfaces. If a monitored interface on the primary FortiGate is unplugged, or its link status goes down, a new primary FortiGate is elected.

Virtual MAC Addresses and Failover

You can configure virtual clustering between with two or more FortiGate´s devices with multiple VDOMs.

A HA failover occurs when the link status of a monitored interface on the goes down.

The heartbeat interface IP address 169.254.0.1 is assigned to which FortiGate in an HA cluster?

Which of the following statements about the firmware upgrade process on an HA cluster is true?