beautypg.com

System ha takeover, Syntax, Set system ha takeover – Fortinet FortiMail 3.0 MR4 User Manual

Page 330

background image

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

330

06-30004-0420-20080814

system ha takeover

set

system ha takeover

Use this command to configure HA network interface in master mode configuration options for an
active-passive HA group to control how network interface IP addressing and status is changed by HA.
Depending on your requirements you can configure HA network configuration options for all FortiMail
network interfaces; including the mgmt interface for a FortiMail unit operating in transparent mode.

For FortiMail units operating in gateway and server modes, for each interface you can ignore the
interface, set a new IP address and netmask for the interface, or add a virtual IP and netmask.

For FortiMail units operating in transparent mode you can also configure how the FortiMail
management interface (mgmt) configuration is changed by HA. Also in transparent mode you can add
individual network interfaces to the FortiMail transparent mode bridge.

Syntax

set system ha takeover {add | bridge | ignore | set}

Note: Using the add option to add a virtual IP address to a FortiMail interface gives the interface two IP
addresses: the virtual IP address and the actual IP address. The interface can receive traffic sent to both of these
IP addresses. Normally you would configure your network (MX records, firewall policies, routing and so on) so that
clients and mail services use the virtual IP address. All replies to sessions with the virtual IP address include the
virtual IP address as the source address. All replies to sessions with the actual IP address include the actual IP
address as the source address. All outgoing sessions that originate from this interface also use the virtual IP
address of the interface and not the actual IP address. This means that all outbound mail or relayed mail packets
sent from a FortiMail primary unit interface, configured with a virtual IP address, will have the virtual IP address of
the primary unit interface as the source IP address. If you are using this interface to send outgoing email, you
should configure your network devices (such as NAT firewalls) to process traffic from the virtual primary unit
interface IP address.

See also other documents in the category Fortinet Hardware: