Technical Tip: FortiManager HA failover guide
Description
This article describes how to perform failover between two FortiManagers.
Scope
FortiManager.
Solution
- Case Scenario Prior to Failover
a. FortiManager HA Primary configuration:
- FortiManager HA Secondary configuration:
- HA results of FortiManager Primary (FMGVMXXXXXXX048) and FortiManager Secondary (FMGVMXXXXXXX039):
2. Failover steps:
- Verify that managed FortiGates are aware of both FortiManager serial numbers.
get system central-management
- On the current Primary FortiManager, change the role to Secondary:
config system ha
set mode secondary
show
end
The FortiManager will tear down any FortiGate-FortiManager sessions with FortiGates when it assumes the role of secondary.
- On the original Secondary FortiManager, change the role to primary as follows:
config system ha
set mode primary
end
The new FortiManager primary will establish FGFM connections with all FortiGates in its list of managed devices. If a FortiGate is behind a NAT device, it might be necessary for that FortiGate to initiate the connection.
The operation Mode can also be changed from the GUI on both devices.
- Go to System Settings -> HA to verify HA status. New FortiManager Primary unit serial number (FGMVMXXXXXXX039)
New FortiManager Secondary unit serial number (FGMVMXXXXXXX048):
Related documents: