Disconnected FWs from HA cluster..can' t reach either now

Forum|Forum|12 years ago
March 28, 2014
2 replies
10420 views

Hi Everyone We had two New Fortigate 300Cs come into a remote office. Someone locally got them both set up on a network there and I could configure them remotely from a different office. Configured the pair in HA. Everything was fine until I realized I did not give them hostnames. While in cluster, there appeared to be no option to change hostname. Figured I would disconnect each from cluster and then go back in to each separately, give hostname and recreate cluster. Disconnected Slave first, then Master. Now I can' t get to either, even from the same network. Power cycled both and still nothing. What could have happened? Thanks

Jan_Scholten

New Member

Hmm never did that, you should get a console to the devices.. For future you should be able to change the hostnames: (i prefer cli):

  config system global  set hostname XYZ  next  end      execute ha manage 1  config system global  set hostname XYZ-slave  next  end    exit

Not sure whether you can change that via gui in HA mode.

BernhardH

New Member

Hi there!

ORIGINAL: jaym222 Hi Everyone We had two New Fortigate 300Cs come into a remote office. Someone locally got them both set up on a network there and I could configure them remotely from a different office. Configured the pair in HA. Everything was fine until I realized I did not give them hostnames. While in cluster, there appeared to be no option to change hostname. Figured I would disconnect each from cluster and then go back in to each separately, give hostname and recreate cluster. Disconnected Slave first, then Master. Now I can' t get to either, even from the same network. Power cycled both and still nothing. What could have happened? Thanks

Heh, yes, I tip my hat to Fortigate for this :) If you don' t RTFM, you are really lost then. When you disconnect a unit from the cluster in the GUI, a screen will pop up with an interface and IP selection (and not much explanation). If you just leave the pre-filled interface 1 / 0.0.0.0 or so, your whole unit will be shut off and you have to restore the config via USB or console. What happens is this: When you disconnect the unit from the HA group, you HAVE to enter a (connected, and reachable) interface and set a new IP for this interface - this is then the new IP at which you can reach your box, ALL other interfaces will be disabled/set to 0.0.0.0. From the HA FortiOS handbook: When the cluster unit is disconnected the HA mode is changed to standalone. In addition, all interface IP addresses of the disconnected unit are set to 0.0.0.0 except for the interface that you configure. Otherwise the configuration of the disconnected unit is not changed. The HA configuration of the disconnected unit is not changed either (except to change the HA mode to Standalone).

BernhardH

New Member

ORIGINAL: BernhardH When you disconnect a unit from the cluster in the GUI, a screen will pop up with an interface and IP selection (and not much explanation). If you just leave the pre-filled interface 1 / 0.0.0.0 or so, your whole unit will be shut off and you have to restore the config via USB or console. What happens is this: When you disconnect the unit from the HA group, you HAVE to enter a (connected, and reachable) interface and set a new IP for this interface - this is then the new IP at which you can reach your box, ALL other interfaces will be disabled/set to 0.0.0.0.

Funny enough, I tried this while working on my setup last Friday, and though I entered the right IP and interface, the boy remained unavailable. I need to check with a console cable what is happening there...

HermesM

New Member

This still happens with newer versions in 2022, I just lost the passive node on 2 clusters x)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded