Best Practices for HA

I'm configuring a new cluster and the smaller units only have 1 HA port, whereas the larger units typically have 2. Would best practice be to sacrifice another port (say, DMZ?) so we have redundant heartbeat interfaces? I'm worried a dead port/cable could cause split brain and take my network down.


I would say yes, for the reason that if you connect the heartbeat over a switch using a single cable, you will get issues when you, for example, upgrade that switch and need to reboot it. Also, of course, any other switch issue might also cause issues for the cluster. The last thing you want is for one issue to cause another one, is my thinking.

I agree that two heartbeat interfaces is the way to go. I am not familiar with Fortinet, but I am wondering if you can do the heartbeat over a VLAN. If you can do the heartbeat over a VLAN, you could take your DMZ interface and add a VLAN to it, then run the heartbeat over the VLAN. Therefore, one physical interface could support both your DMZ and heartbeat.

We can have one HA port for both HA heartbeat and data/config synchronization; however, it's best to have two separate ports, one for HA heartbeat and the other for config/data synchronization. It's not required to have redundant heartbeat interfaces, because the heartbeat interface is to check whether the peer is alive. We can have port monitor with only the HA heartbeat interface, so that whenever there is a status change on the monitor port, the failover happens.