Staff & Editor
November 2, 2021

Technical Tip: FortiNAC trigger failover scenarios


Description

 

This article describes different scenarios that trigger failover on FortiNAC.

 

Scope

 

FortiNAC.


Solution

 

Failover on FortiNAC can be triggered by any one of the following scenarios:

 

Scenario 1. Network loss: Disconnect the eth0 interface of the Primary Server, or administratively shut down the switch port it is connected to.

Scenario 2. Cold shutdown: Unplug the power cable from the box or, if it is a VMware virtual machine, select Power -> Power off for the VM (DO NOT select Guest Shutdown, because it will not trigger failover).

Scenario 3. Management processes down: In the Primary Server CLI, stop the management process without idling the Control process. Type -> shutdownNAC -kill

 

Open an SSH session to the Secondary Server and begin tailing the processManager log by entering the following commands:

  • logs

  • tf output.processManager

 

The Secondary Server polls the status of its corresponding Primary Server every 30 seconds.

 

If the Primary Server does not respond after 5 consecutive attempts (or the number defined by the Ping Retry Count), the Secondary Server will attempt to take control. 

Failover is complete once the appropriate Secondary Server(s) take control and display the status (Slave) Slave In Control Idle(false).

 

This can take several minutes. 
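
The polling rule described above, modelled as an added example (not Fortinet code and not part of the original article). It assumes polls on fixed 30-second ticks, that any answered poll resets the miss count, and it ignores ping timeouts and the time the takeover itself needs. Under those assumptions it shows when the Secondary Server would decide to take control, and that an outage ending before the fifth missed poll does not trigger failover.

```python
# Added illustration, not Fortinet code. Assumed model: the Secondary polls on
# fixed ticks and a single answered poll resets the missed-poll counter.
from typing import Optional

POLL_INTERVAL_S = 30   # from the article: one poll every 30 seconds
PING_RETRY_COUNT = 5   # from the article: 5 consecutive unanswered polls


def takeover_time(outage_start: float,
                  outage_end: Optional[float] = None,
                  poll_interval: int = POLL_INTERVAL_S,
                  retry_count: int = PING_RETRY_COUNT,
                  horizon: int = 3600) -> Optional[int]:
    """Return the time (seconds) of the poll at which the Secondary decides
    to take control, or None if the Primary answers again before that.

    The Primary is unreachable for outage_start <= t < outage_end
    (outage_end=None means it never comes back). Polls happen at
    t = 0, poll_interval, 2 * poll_interval, ... up to horizon.
    """
    missed = 0
    for t in range(0, horizon + 1, poll_interval):
        down = t >= outage_start and (outage_end is None or t < outage_end)
        if down:
            missed += 1
            if missed >= retry_count:
                return t
        else:
            missed = 0  # any answered poll resets the consecutive count
    return None


def detection_delay(outage_start: float, **kwargs) -> Optional[float]:
    """Seconds between the start of the outage and the takeover decision."""
    t = takeover_time(outage_start, **kwargs)
    return None if t is None else t - outage_start


if __name__ == "__main__":
    # Constructed cases: (outage start, outage end) in seconds.
    for start, end in [(30, None), (31, None), (31, 180), (31, 181)]:
        print(f"outage {start}..{end}: takeover at {takeover_time(start, end)}")
```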

 

In scenario 3, to start the service again on the Primary Server, type -> startupNAC

 

In all three scenarios, control must be resumed manually on the Primary Server: select Dashboard -> Main, scroll to the Summary panel, and select the 'Resume Control' button.


Related article:
Technical Tip: Performing a manual (forced) failover on FortiNAC-F

Check page 21 in the High Availability guide: 

FortiNAC High Availability
High availability (FortiNAC-OS) 

1 reply

Contributor
February 3, 2022

Excellent guide on HA failover process for FortiNAC!!!!