2.5.2 Ensure 'Monitor Interfaces' for High Availability devices is enabled


Configure Interface Monitoring within High Availability settings. Interface Monitoring should be enabled on all critical interfaces.


With Interface Monitoring enabled on devices, failover can occur if there are physical media issues or issues with the specific port to which the FortiGate is connected.


Not configuring Interface Monitoring can directly impact services: if an interface fails only on the primary device and is not being monitored, no High Availability failover is triggered. Without Interface Monitoring enabled, failover would be limited to hardware, system, or power faults.


To remediate from GUI:

1. Go to System -> HA.
2. Under 'Monitor Interfaces' select all applicable interfaces.
3. Select 'OK'.

To validate from CLI:

FGT1 # config system ha
FGT1 (ha) # set monitor 'port6' 'port7'
FGT1 (ha) # show    ### Review changes to monitored interfaces before applying
config system ha
set group-name 'FGT-HA'
set mode a-p
set password ENC enrwD467hJmO6j6YW/l6FEOa1YNVYdo8Z5mCcTDEKUFpOVXcNYnPBmQDGX//ViXk6TkwNH0il5aJr/fZY25lq+husndQHZVWp2LIlXmCv/n81U43nkZUWaIKvqkellGFbhv0/IHoOLzQPCsVcBbyrsgoprYMvh6w7F06+nRriBtMNQxpiTE+12xAHz7lA3EoYZzf8A==
set override disable
set monitor 'port6' 'port7'
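
One way to check this setting offline against configuration backups, as an added example that is not part of the original benchmark text: it parses the 'config system ha' block and reports critical interfaces missing from 'set monitor'. The sample configuration, the function names and the list of critical interfaces are constructed for illustration, and treating standalone units as passing is an assumption.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "FGT1"
end
config system ha
    set group-name "FGT-HA"
    set mode a-p
    set override disable
    set monitor "port6" "port7"
end
"""

def ha_settings(config_text):
    """Return the top-level 'set' lines of the 'config system ha' block as a dict."""
    settings, in_ha, depth = {}, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_ha:
            in_ha = line == "config system ha"
            continue
        if line.startswith("config "):
            depth += 1               # nested table inside the HA block
        elif line == "end":
            if depth == 0:
                break                # end of 'config system ha'
            depth -= 1
        elif depth == 0 and line.startswith("set "):
            tokens = shlex.split(line)   # handles both '...' and "..." quoting
            settings[tokens[1]] = tokens[2:]
    return settings

def audit_monitor(config_text, critical):
    """Return (passed, missing) for the Monitor Interfaces check."""
    ha = ha_settings(config_text)
    # Assumption: a unit with no HA mode set (or standalone) is out of scope.
    if ha.get("mode", ["standalone"])[0] == "standalone":
        return True, []
    monitored = set(ha.get("monitor", []))
    missing = sorted(set(critical) - monitored)
    return not missing, missing

if __name__ == "__main__":
    print(audit_monitor(SAMPLE_CONFIG, ["port6", "port7"]))
```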

Default Value:

