config system ha

    set mode a-p                              # Active-Passive mode

    set group-name "HA-Cluster"               # Cluster group name

    set group-id 10                           # Cluster group ID (must match on both units)

    set password "Ha@123"                     # HA cluster password

    set hbdev "port3" 50 "port4" 100          # Heartbeat interfaces and priorities

    set session-pickup enable                 # Enable session table synchronization

    set session-pickup-connectionless enable  # Sync UDP sessions

    set session-pickup-expectation enable     # Sync helper sessions (e.g., FTP, SIP)

    set override enable                       # Allow higher-priority device to take over

    set priority 200                          # Device priority (higher = preferred master)

    set monitor "port1" "port2"               # Interfaces monitored for link status

    set ha-mgmt-status enable                 # Enable dedicated HA management interface

    config ha-mgmt-interfaces

        edit 1

            set interface "mgmt1"             # Management interface for HA member

            set gateway "192.168.1.1"

        next

    end

    set unicast-hb enable                     # Use unicast heartbeat (optional, for multi-seg)

    set ha-direct enable                      # Direct HA link for faster sync

    set sync-config enable                    # Enable full configuration sync

    set encryption enable                     # Encrypt HA sync traffic

    set ha-reserved-bandwidth 5               # Reserve 5% bandwidth for HA sync

end