High availability Active-Active cluster packet flow
FortiGate-4000 Installation and Configuration Guide 97
This command has the following results:
• The first connection is processed by the primary unit
• The next three connections are processed by the first subordinate unit
• The next three connections are processed by the second subordinate unit
The subordinate units process more connections than the primary unit, and both
subordinate units, on average, process the same number of connections.
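The connection pattern listed above can be simulated to see how load is divided over short and long runs. This is an added example, not part of the FortiGate guide: the weights 1, 3, 3 are inferred from the results listed above, and the unit names are labels chosen for this sketch.

```python
from collections import Counter
from itertools import islice

# Assumed weights, inferred from the results listed above (1 : 3 : 3).
# The unit names are labels for this sketch, not FortiGate identifiers.
WEIGHTS = [("primary", 1), ("subordinate-1", 3), ("subordinate-2", 3)]

def schedule(weights):
    """Yield the unit for each new connection, in the block order described
    above: each unit takes `weight` consecutive connections per cycle."""
    if any(w < 0 for _, w in weights):
        raise ValueError("weights must be non-negative")
    if not any(w > 0 for _, w in weights):
        raise ValueError("at least one unit needs a non-zero weight")
    while True:
        for unit, weight in weights:
            for _ in range(weight):
                yield unit

def assign(weights, connections):
    """Return the unit that handles each of the first `connections` connections."""
    return list(islice(schedule(weights), connections))

def distribution(weights, connections):
    """Count how many of the first `connections` connections each unit handles."""
    counts = Counter({unit: 0 for unit, _ in weights})
    counts.update(assign(weights, connections))
    return dict(counts)

def shares(weights):
    """Long-run fraction of connections handled by each unit."""
    total = sum(w for _, w in weights)
    return {unit: w / total for unit, w in weights}

if __name__ == "__main__":
    print(assign(WEIGHTS, 7))
    # 10 connections stop mid-cycle, so the subordinates differ in the short run;
    # 700 connections are whole cycles, so they come out equal.
    for n in (7, 10, 700):
        print(n, distribution(WEIGHTS, n))
    print(shares(WEIGHTS))
```

The subordinate units only balance exactly at whole cycles of seven connections. Between cycles, the first subordinate unit can be up to three connections ahead of the second.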
Active-Active cluster packet flow
This section describes packet flow through an active-active HA cluster. The cluster
consists of two FortiGate units (primary and subordinate). Cluster interfaces are
connected using switches.
• NAT/Route mode packet flow
• Configuring switches to work with a NAT/Route mode cluster
• Transparent mode packet flow
Figure 31: Active-active HA packet flow
NAT/Route mode packet flow
In NAT/Route mode, five MAC addresses are involved in active-active communication
between a client and a server if the cluster routes the packets to the subordinate unit
in the cluster:
• Virtual cluster MAC address (MAC_V),
• Client MAC address (MAC_C),
• Server MAC address (MAC_S),
• Subordinate unit internal MAC address (MAC_S_I),
• Subordinate unit external MAC address (MAC_S_E).
[Figure 31 diagram labels: Client, Server, Switch 1, Switch 2, HA cluster (Primary Unit, Subordinate Unit)]