NSE4


In flow-based inspection mode, FortiGate does not buffer traffic flowing through the policy. If FortiGate detects a violation in the traffic, it sends a reset packet to the receiver, which terminates the connection and prevents the payload from being sent successfully.

Why was HQ-NGFW-1 elected as the primary?

In the primary election process, FGCP first checks the number of connected monitored ports. Because you did not configure monitored ports, FGCP then checks the next criterion.

Because the override setting is disabled, FGCP checks the HA uptime next. Because you enabled HA on both devices at about the same time, the HA uptime difference is less than 5 minutes.

Therefore, FGCP checks the next criterion, which is priority.

HQ-NGFW-1 has a priority of 200, which is greater than the priority of HQ-NGFW-2, which is 100. The result is that FGCP elects HQ-NGFW-1 as the primary.
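
The election order walked through above, as an added Python model (not Fortinet code and not part of the original notes) that returns the elected unit and the criterion that decided it. The serial-number tiebreak and the override-enabled ordering go beyond what this page states; the `Member` type, uptimes and serial values are constructed for illustration.

```python
from dataclasses import dataclass

UPTIME_MARGIN_S = 300  # the 5-minute HA uptime difference the page refers to


@dataclass(frozen=True)
class Member:
    name: str
    monitored_ports_up: int  # connected monitored ports
    ha_uptime_s: int         # seconds since HA came up on this unit
    priority: int
    serial: str


def elect_primary(a, b, override=False):
    """Return (name of elected primary, criterion that decided it)."""
    def higher(attr):
        # None means a tie on this criterion, so the next one is checked.
        if getattr(a, attr) == getattr(b, attr):
            return None
        return max(a, b, key=lambda m: getattr(m, attr))

    def uptime():
        # Uptime is skipped when the difference is under the margin.
        if abs(a.ha_uptime_s - b.ha_uptime_s) < UPTIME_MARGIN_S:
            return None
        return higher("ha_uptime_s")

    checks = {
        "monitored ports": lambda: higher("monitored_ports_up"),
        "ha uptime": uptime,
        "priority": lambda: higher("priority"),
        "serial number": lambda: higher("serial"),
    }
    # Beyond the page: with override enabled, priority is checked before uptime.
    order = (["monitored ports", "priority", "ha uptime", "serial number"]
             if override else
             ["monitored ports", "ha uptime", "priority", "serial number"])
    for criterion in order:
        winner = checks[criterion]()
        if winner is not None:
            return winner.name, criterion
    raise ValueError("members are identical on every criterion")


# Constructed sample: priorities are from the page; uptimes and serials are made up.
FGT1 = Member("HQ-NGFW-1", 0, 3600, 200, "SERIAL-PLACEHOLDER-1")
FGT2 = Member("HQ-NGFW-2", 0, 3540, 100, "SERIAL-PLACEHOLDER-2")

if __name__ == "__main__":
    print(elect_primary(FGT1, FGT2))  # ('HQ-NGFW-1', 'priority')
```

Seeing which criterion decided the election helps when a failover leaves an unexpected unit as primary, for example when an uptime gap of more than 5 minutes outranks a higher priority.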
