Technical Tip: 'ping-options source' not shown in CLI on secondary FortiGate in HA cluster
Description
This article describes why the ping-options source command is not available on the CLI of a FortiGate unit that is part of a High Availability (HA) cluster.
Scope
FortiGate.
Solution
When a FortiGate device is a member of an HA cluster, the secondary (backup) unit does not support the ping-options source parameter, regardless of whether the cluster is operating in active-active or active-passive mode.
For example, in an HA active-passive setup with two FortiGates:
- FGT-1 is the primary (primary) unit.
- FGT-2 is the secondary (secondary) unit.
The ping-options source command will only be available on the primary unit. This is expected behavior due to HA role restrictions.
FGT-1 (root) # diagnose sys ha status HA information Statistics traffic.local = s:0 p:14933 b:8628586 traffic.total = s:0 p:15838 b:9744220 activity.ha_id_changes = 3 activity.fdb = c:0 q:0 Model=80005, Mode=2 Group=100 Debug=0 nvcluster=1, ses_pickup=0, delay=0 [Debug_Zone HA information] HA group member information: is_manage_primary=1. FGVM01TM25005667: Primary, serialno_prio=1, usr_priority=130, hostname=FGT-1 FGVM01TM25005735: Secondary, serialno_prio=0, usr_priority=128, hostname=FGT-2 [Kernel HA information] vcluster 1, state=work, primary_ip=169.254.0.2, primary_id=0, silent=0 FGVM01TM25005667: Primary, ha_prio/o_ha_prio=0/0 FGVM01TM25005735: Secondary, ha_prio/o_ha_prio=1/1 Silent vcluster bitmap=00000000000000000000000000000000 FGT-1 (primary):
FGT-1 (root) # execute ping-options adaptive-ping Adaptive ping <enable|disable>. data-size Integer value to specify datagram size in bytes. df-bit Set DF bit in IP header <yes | no>. interface Auto | <outgoing interface>. interval Integer value to specify seconds between two pings. pattern Hex format of pattern, e.g. 00ffaabb. repeat-count Integer value to specify how many times to repeat PING. reset Reset settings. source Auto | <source interface IP>. timeout Integer value to specify timeout in seconds. tos IP type-of-service option. ttl Integer value to specify time-to-live. use-sdwan Use SD-WAN rules to get output interface <yes | no>. validate-reply Validate reply data <yes | no>. view-settings View the current settings for PING option. vrf VRF ID. FGT-2 (secondary):
FGT-2 (root) # execute ping-options adaptive-ping Adaptive ping <enable|disable>. data-size Integer value to specify datagram size in bytes. df-bit Set DF bit in IP header <yes | no>. interval Integer value to specify seconds between two pings. pattern Hex format of pattern, e.g. 00ffaabb. repeat-count Integer value to specify how many times to repeat PING. reset Reset settings. timeout Integer value to specify timeout in seconds. tos IP type-of-service option. ttl Integer value to specify time-to-live. use-sdwan Use SD-WAN rules to get output interface <yes | no>. validate-reply Validate reply data <yes | no>. view-settings View the current settings for PING option.