
High Availability Architecture for Fortinet

Achieve uninterrupted network security with HA design and proactive monitoring.

Understanding High Availability Setups for Fortinet Device Pairs

Here I am at my desk — the third cup of coffee just now taking hold — and I am pondering high availability (HA) setups for Fortinet device pairs. It’s amazing how something as simple as redundancy will either save your bacon or deprive you of sleep. I’ve been in networks one way or another since ’93 as a network admin, and I’ve gone from PSTN muxes doing voice and data (yes, those things) to sidestepping chaos when the Slammer worm ran amok (and once before that, when I naively assumed I could never see a failover failure). That is not rhetorical hyperbole: at P J Networks, a cybersecurity-focused VAR that deals every day with firewalls, servers, and routers, HA is no longer just a buzzword — it’s a matter of life or death.

Let’s strip down High Availability architecture for FortiGate, FortiAuthenticator, and FortiAP devices for a moment – because, believe me, if your Fortinet environment isn’t sound, then what you think you know about security can indeed be dangerous. Spoiler: I have recently worked with 3 banks to redesign their zero trust architecture, and what surprised me was how often HA configurations were totally ignored or just not fully baked. That’s a risk you don’t want.

HA Concepts – When to Consider High Availability

For those who are not clear on what HA means in the Fortinet world, here is a quick rundown. Basically, High Availability means that your system continues to operate even when some part of it breaks (fails). No downtime, no service outages, no pointing fingers at the network guy when your app is down. This is vitally important when dealing with banks, large enterprises, or any business in which risk equals real money.

HA on Fortinet is the mechanism that keeps firewall downtime to a minimum when the primary unit fails. Whether it is a FortiGate firewall processing your traffic, a FortiAuthenticator managing your identity, or FortiAPs providing Wi-Fi, HA makes sure that even if any one of those devices takes a tumble, the others keep standing.

The two most common HA modes you will hear about:

  • Active-Passive: One device is active and chewing on traffic, the other is in standby, hoping that the blood of the active device fills its veins upon the active device’s demise.
  • Active-Active: Each device can take part in handling traffic while sharing the burden and taking over instantly should the other falter.

Active-Passive vs Active-Active: What to choose?

Here’s the deal — active-active is the shiny sports car we all want, but active-passive is that dependable truck that simply does the job without the fanfare.

Active-Passive

  • Easier to set up and manage
  • Syncing won’t be as much of a problem
  • But the standby device sits idle until required (wasted resources?)

Active-Active

  • Enhanced throughput with load sharing
  • Reduces failover latency
  • But the complexity really starts to go up here (and I had my share of headaches here)
  • Risk of session sync issues, especially with some settings

For FortiGates, PJ Networks typically sells active-passive to the majority of clients. Unless you have the engineering firepower and time for complex rigging, it is the more rugged and practical option. It is worth noting that the banks I have been working with recently, particularly in a zero trust world, are pushing hard for active-active to squeeze the absolute maximum performance from everything everywhere all the time without any downtime — very impressive, but not for the faint-hearted.

For FortiAuthenticator and FortiAPs, active-passive will typically be best – these are authentication, identity and wireless devices, so maintaining service availability without session switchovers is far more important than raw throughput.

Setup Process: The Nuts and Bolts

(Updated Dec 26) So, you want to build an HA Fortinet configuration. Here is a distilled version of PJ Networks’ method — honed over years of maintenance and on-the-job repairs:

  1. Assess Redundancy Needs

    • Not every site needs full HA; a hot standby might suffice.
    • Depth matters: FortiGate HA, FortiAuthenticator clustering, and FortiAP redundancy each work differently.
  2. Network Topology Design

    • PJ Networks designs the HA topology around your traffic, zones and VLANs.
    • Use dedicated HA links between devices; do not mix admin traffic with HA heartbeats.
    • Add the anot_admin<long_timeout> option to firewall policies; it accounts for failures.
  3. FortiGate HA Settings Configuration

    • Run the same firmware version on both units (mismatches can lead to subtle bugs).
    • Set up the heartbeat interfaces (select at least two for redundancy).
    • Sync device configurations and session tables (session sync matters most in active-active).
  4. FortiAuthenticator HA Setup

    • Primary and secondary installation with user credentials and authentication policies kept in real-time sync.
    • Set up internal “heartbeat monitors”.
  5. FortiAP Redundancy

    • The APs themselves don’t do active-passive; instead you architect the wireless controllers with HA built in. The wireless implementation business is the same. I saw a presentation once and was flabbergasted.
    • Make sure that roaming and failover settings are tight.
  6. Failover Scripts & NOC Alerting

    • PJ Networks writes scripts that automate failover and link monitoring.
    • Instant alerts to the NOC on failover or degradation.
  7. Regular Firmware Updates and Maintenance

    • Firmware and patches are tagged and released quarterly, after first being tested in an isolated lab.
    • Downtime is planned; HA reduces it, but it is still present.
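As an added example (this is not PJ Networks’ own tooling), here is a Python pre-flight check that reads the `config system ha` section from each unit’s configuration dump and flags the mistakes the steps above warn about: mismatched firmware, a single heartbeat interface, a heartbeat riding on the management port, active-active without session pickup, and no monitored interfaces. The `set` keywords it understands (`mode`, `hbdev`, `session-pickup`, `monitor`, `override`, `priority`) are standard FortiOS CLI syntax; the interface names, firmware strings and the two sample “weak” and “good” pairs are constructed placeholders for illustration.

```python
"""Pre-flight lint for a FortiGate HA pair.

Added example, not PJ Networks' tooling. It parses the `config system ha`
section of each unit's configuration dump and checks the points from the
setup steps: same firmware, at least two heartbeat interfaces, no heartbeat
on the management interface, session pickup when running active-active,
and at least one monitored interface so a link failure triggers failover.
"""
import re
import shlex

# Constructed sample configs. The `set` keywords are standard FortiOS CLI
# syntax; interface names and firmware strings are placeholders, and the
# HA password line is omitted.
WEAK_PRIMARY = {
    "firmware": "v7.2.8",          # placeholder version string
    "mgmt_interface": "mgmt",
    "config": """config system ha
    set group-name "pj-ha"
    set mode a-a
    set hbdev "mgmt" 50
    set session-pickup disable
    set priority 200
end
""",
}
WEAK_SECONDARY = dict(WEAK_PRIMARY, firmware="v7.2.7")  # firmware drift on the peer

GOOD_CONFIG = """config system ha
    set group-name "pj-ha"
    set mode a-p
    set hbdev "port3" 50 "port4" 50
    set session-pickup enable
    set override disable
    set priority 200
    set monitor "port1" "port2"
end
"""
GOOD_PRIMARY = {"firmware": "v7.2.8", "mgmt_interface": "mgmt", "config": GOOD_CONFIG}
GOOD_SECONDARY = {"firmware": "v7.2.8", "mgmt_interface": "mgmt",
                  "config": GOOD_CONFIG.replace("set priority 200", "set priority 100")}


def parse_ha_section(config_text):
    """Return {keyword: [values]} for every `set` line inside `config system ha ... end`."""
    match = re.search(r"config system ha\n(.*?)\nend", config_text, re.S)
    if not match:
        raise ValueError("no 'config system ha' section found")
    settings = {}
    for line in match.group(1).splitlines():
        parts = shlex.split(line.strip())  # shlex drops the double quotes
        if len(parts) >= 3 and parts[0] == "set":
            settings[parts[1]] = parts[2:]
    return settings


def heartbeat_interfaces(settings):
    """`set hbdev "port3" 50 "port4" 50` lists interface/priority pairs; keep the names."""
    return settings.get("hbdev", [])[0::2]


def lint_pair(primary, secondary):
    """Return a list of findings; an empty list means the pair passes every check."""
    findings = []
    if primary["firmware"] != secondary["firmware"]:
        findings.append("firmware mismatch: %s vs %s" % (primary["firmware"], secondary["firmware"]))
    for name, unit in (("primary", primary), ("secondary", secondary)):
        ha = parse_ha_section(unit["config"])
        mode = ha.get("mode", ["standalone"])[0]
        hb = heartbeat_interfaces(ha)
        if mode == "standalone":
            findings.append(name + ": HA mode is standalone")
        if len(hb) < 2:
            findings.append(name + ": only %d heartbeat interface(s), want at least two" % len(hb))
        if unit["mgmt_interface"] in hb:
            findings.append(name + ": heartbeat shares the management interface " + unit["mgmt_interface"])
        if mode == "a-a" and ha.get("session-pickup", ["disable"])[0] != "enable":
            findings.append(name + ": active-active without session-pickup")
        if not ha.get("monitor"):
            findings.append(name + ": no monitored interfaces, a link failure will not trigger failover")
    return findings


if __name__ == "__main__":
    for label, pair in (("weak", (WEAK_PRIMARY, WEAK_SECONDARY)), ("good", (GOOD_PRIMARY, GOOD_SECONDARY))):
        print(label, lint_pair(*pair) or ["pass"])
```

Run it against the two constructed pairs and the weak one produces nine findings (the firmware mismatch plus four per unit), while the good one passes. In practice you would feed it the `show system ha` output pulled from each unit before every firmware cycle and quarterly drill.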

Failover Testing – Don’t Set It and Forget It

Setup != success. Testing failover cases is where many engineers get lazy or take shortcuts.

PJ Networks requires quarterly failover exercises. That means:

  • Simulate a hardware failure on the active FortiGate and watch the passive unit take over sessions with zero packets dropped
  • Test a FortiAuthenticator primary failure: the secondary takes over without interruption to authentication
  • Unplug power to the wireless controller – the APs reconnect gracefully. Case closed.

Here’s the rub — the timing of failover does matter. Too slow and users will notice; too fast and you will introduce instability. I’ve personally seen a customer freak out when failover flapped back and forth for a while because someone fiddled with all the timers without reading what they do.

Bottom line: break your HA setup deliberately and learn from your mistakes.
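Two of the checks from the drills above, written as an added Python example (not PJ Networks’ failover script): the failover detection time implied by the FortiOS heartbeat timers (`hb-interval`, in units of 100 ms, multiplied by `hb-lost-threshold`; the defaults are 2 and 6, i.e. 1.2 s), and a flap detector that counts HA role changes per unit over the event log so the NOC can tell a clean drill from a cluster bouncing back and forth. The log lines are constructed to mimic the key=value shape of FortiOS syslog and are not verbatim FortiGate output; the `action="role-change"` and `role=` field names and the “aggressive”/“slow” thresholds are assumptions of this example.

```python
"""Failover drill analysis: heartbeat timer sanity and HA flap detection.

Added example, not PJ Networks' failover script. The log lines below are
constructed to mimic the key=value shape of FortiOS syslog; they are not
verbatim FortiGate output, and the action/role field names are assumptions.
"""
import re
from datetime import datetime, timedelta

# FortiOS defaults: hb-interval is in units of 100 ms, hb-lost-threshold is
# the number of missed heartbeats before the peer is declared dead.
HB_INTERVAL_DEFAULT = 2
HB_LOST_THRESHOLD_DEFAULT = 6


def failover_detection_seconds(hb_interval=HB_INTERVAL_DEFAULT,
                               hb_lost_threshold=HB_LOST_THRESHOLD_DEFAULT):
    """Seconds a heartbeat outage must last before the cluster fails over."""
    return hb_interval * 0.1 * hb_lost_threshold


def timer_verdict(hb_interval, hb_lost_threshold):
    """'aggressive' under 0.5 s (flaps on jitter), 'slow' over 5 s (users notice),
    otherwise 'ok'. The two thresholds are this example's assumption."""
    seconds = failover_detection_seconds(hb_interval, hb_lost_threshold)
    if seconds < 0.5:
        return "aggressive"
    if seconds > 5.0:
        return "slow"
    return "ok"


FIELD = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')


def parse_fields(line):
    """Split a key=value / key="quoted value" log line into a dict."""
    fields = {}
    for qkey, qval, key, val in FIELD.findall(line):
        fields[qkey or key] = qval if qkey else val
    return fields


def role_changes(lines):
    """Return sorted (timestamp, unit, new_role) tuples for HA role-change events."""
    events = []
    for line in lines:
        f = parse_fields(line)
        if f.get("subtype") == "ha" and f.get("action") == "role-change":
            stamp = datetime.fromisoformat(f["date"] + "T" + f["time"])
            events.append((stamp, f["devname"], f["role"]))
    return sorted(events)


def flap_alerts(events, window_seconds=300, max_changes=2):
    """One alert per unit whose role changed more than max_changes times inside any window."""
    alerts = []
    stamps_by_unit = {}
    for stamp, unit, _role in events:
        stamps_by_unit.setdefault(unit, []).append(stamp)
    window = timedelta(seconds=window_seconds)
    for unit, stamps in stamps_by_unit.items():
        for i, start in enumerate(stamps):
            count = sum(1 for s in stamps[i:] if s - start <= window)
            if count > max_changes:
                alerts.append("%s: %d role changes within %ds from %s, HA is flapping"
                              % (unit, count, window_seconds, start.time()))
                break
    return alerts


def _ha(date, time, dev, role, msg):
    """Build one constructed log line in FortiOS-like key=value form."""
    return ('date=%s time=%s devname="%s" type="event" subtype="ha" '
            'action="role-change" role="%s" msg="%s"' % (date, time, dev, role, msg))


# A clean quarterly drill: one failover, one planned failback 15 minutes later.
CLEAN_DRILL = [
    _ha("2024-03-02", "02:00:05", "FGT-A", "secondary", "simulated hardware failure"),
    _ha("2024-03-02", "02:00:06", "FGT-B", "primary", "took over"),
    _ha("2024-03-02", "02:15:00", "FGT-A", "primary", "failback after drill"),
    _ha("2024-03-02", "02:15:01", "FGT-B", "secondary", "failback"),
]

# The flapping case: roles bounce three times in under a minute.
FLAPPING = [
    _ha("2024-03-09", "03:10:00", "FGT-A", "secondary", "heartbeat lost"),
    _ha("2024-03-09", "03:10:00", "FGT-B", "primary", "took over"),
    _ha("2024-03-09", "03:10:20", "FGT-A", "primary", "heartbeat restored"),
    _ha("2024-03-09", "03:10:20", "FGT-B", "secondary", "demoted"),
    _ha("2024-03-09", "03:10:45", "FGT-A", "secondary", "heartbeat lost"),
    _ha("2024-03-09", "03:10:45", "FGT-B", "primary", "took over"),
]

if __name__ == "__main__":
    print("default timers detect failure after %.1f s" % failover_detection_seconds())
    print("clean drill alerts:", flap_alerts(role_changes(CLEAN_DRILL)))
    print("flapping alerts:", flap_alerts(role_changes(FLAPPING)))
```

The clean drill produces no alerts, while the flapping log raises one per unit. Wiring `flap_alerts` to the NOC pager, rather than only alerting on the first role change, is what turns a quarterly drill into evidence that the timers are sane.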

PJ Networks SLA: Our Promises to You

At P J Networks we take HA seriously because we have to. Our customers — banks, retail chains, large businesses — they need rock-solid uptime.

Our SLAs are a testament to that:

  • Fortinet-protected hardware delivering 99.99% uptime
  • NOC alerts in record time and immediate response within seconds
  • Quarterly failover drills and proactive patching
  • Customized and tested failover scripts

What we’ve learned is that even the best hardware and HA architecture will break if you aren’t maintaining it. Phones ring at 3 AM when someone ignored the persistent alert or postponed applying firmware patches. Done that, and learned a few things the hard way.

Best Practice: You HA It Right

Here’s my somewhat judgmental list—because I loathe cliché advice, and most security pros skip the small stuff:

  • Keep firmware versions identical. Even minor differences between software versions can cause subtle sync issues.
  • Do not depend only on Fortinet’s native heartbeat. Set up redundant links and watch each hop of your HA chain yourself.
  • Your failover scripts are your friends. Automate anything a human under pressure is likely to forget.
  • Test often. Not just once but regularly. Especially so after patches or spontaneous reconfigurations.
  • Document everything. Do you try to rely on tribal knowledge, and then lose out as soon as your go-to guy is on vacation?
  • Security is not a magic firewall. HA doesn’t give you anything if your password policy is still ‘welcome123’ and ‘admin’. (Yes, I’ll bitch about passwords any time.)
  • Finally, don’t buy into marketing hype around AI-powered security solutions — at least not without a dose of skepticism. Your FortiGate’s HA, your FortiAuthenticator’s sync, and your FortiAP controller failover — those are battle-tested tech. Trust the basics.

Quick Take

What if you’re in a hurry and just want my quick take:

  • High Availability = NO single point of failure for your Fortinet appliances — keep your systems safe with 24×7 uptime!
  • Active-passive is easy and solid, active-active brings performance with complexity.
  • Implementing HA correctly means designing the topology, aligning the firmware, automating failover, and testing it.
  • PJ Networks has high SLAs, 24×7 monitoring, and labs (including quarterly drills) because infrastructure maintenance is where most teams fail
  • Don’t lose sight of the fundamentals: strong passwords, documented processes and skepticism of shiny new buzzwords

Conclusion

I just got back from DefCon. Fresh from the hardware hacking village, I can tell you that whether it’s a Fortinet firewall or a locked-down embedded gizmo, they’ll find their way in sooner or later if you don’t architect for HA and resilience from Day 1. That’s my takeaway. Hope you’ll find something you can use, whether you are an experienced admin or a startup CIO just trying to find the right way to operate.

Sanjay Seth
P J Networks Pvt Ltd
Cybersecurity consultant since 2000 (network admin since 1993, survivor of the Slammer worm mayhem)
