I've been testing a few configuration tweaks in order to reduce my OSPF routing convergence to the bone, a sub second fail-over.
Here are the optimal FortiGate Cluster Protocol settings I've found out:
config system ha
...
set route-ttl 60
set route-wait 60
set route-hold 60
set hb-interval 1
set hb-lost-threshold 3
set hello-holddown 5
set arps 50
set arps-interval 1
set session-pickup enable
set session-pickup-connectionless enable
set session-pickup-delay enable
set link-failed-signal enable
...You will find all the needed information of each parameters here:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/947938/failover-performance
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/184962/routing-graceful-restart
Graceful restart has to be setup at your dynamic routing protocol, on this lab, OSPF over IPsec is used.
config router ospf
set router-id 9.9.9.9
set restart-mode graceful-restart
config area
edit 0.0.0.0
next
...Below is a view behind a Spoke FortiGate reaching the FGCP OSPF router through an IPsec tunnel. The FGCP is conducting a failover due to port10 being brought down on the Master node.
That's it..