rayg00n
New Member
March 1, 2021
Solved

FortiGate HA-Cluster (becoming a Master after rebooting)


Hi all!

I have a simple question about HA-cluster settings.

We have 2 Fortigate 92D in active-passive mode (Master=№1, Slave=№2)

The FortiOS version is v6.0.11 build0387 (GA) on both devices.

Recently, I have found that my Fortigate 92D №1 didn't become a Master after rebooting or restoring connections.

I had to return the Master role to first Fortigate 92D manually.

As I understand it, by default, elections inside the HA cluster are launched every 5 minutes.

Is that something wrong with my configuration?

 

That is the Master (№1) config:

 

config system ha
    set group-id 10
    set group-name "HAGroup1"
    set mode a-p
    set password ENC *****************************
    set hbdev "internal13" 50 "internal14" 50
    set session-pickup enable
    set override disable
    set priority 150
end

 

The Slave (№2) config:

 

config system ha
    set group-id 10
    set group-name "HAGroup1"
    set mode a-p
    set password ENC *************************
    set hbdev "internal13" 50 "internal14" 50
    set session-pickup enable
    set override disable
    set priority 50
end


Toshi_Esumi
SuperUser
March 1, 2021

No. Election happens whenever some conditions change. Without override, the predominant deciding factor is uptime if monitored interfaces are all up on both units. The unit that has the longest uptime becomes the master. However, if the difference of uptime is 5 min or less, they would look for the next factor: serial numbers. The unit with the highest serial number takes the master role. I think that's your case.

rayg00n (Author)
New Member
March 1, 2021

Thanks for the answer!

Should I set up "set override enable" on both sides to change the situation?

I want to see Fortigate №1 as Master every time it appears in the HA-cluster.

Toshi_Esumi
SuperUser
March 1, 2021

If you have to, you need to use override. But in most cases it's not recommended, even in FTNT documentation, because if a problem happens on the master and they swapped over at that time, it has to swap back when the problem is resolved on the master. It would cause two outages instead of one.
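
The election behaviour discussed in this thread, as an added example that is not part of any post and is not Fortinet code: a simplified Python model that replays "unit 1 fails, then rejoins" with override disabled and enabled and counts the resulting failovers. The tie-break order follows Fortinet's HA documentation (monitored interfaces, age, device priority, serial number, with priority ahead of age when override is enabled); unit names, serial numbers and uptimes are constructed, and the priorities are the ones from the configs above.

```python
from dataclasses import dataclass

AGE_MARGIN_S = 300  # uptime gaps of 5 minutes or less count as a tie

@dataclass
class Unit:
    name: str
    priority: int
    serial: str            # constructed placeholder, not a real serial number
    uptime_s: int
    monitored_up: int = 2  # monitored interfaces that are up (assumed value)

def elect(a, b, override):
    """Return whichever of the two units wins the primary election."""
    def key(u, other):
        gap = abs(u.uptime_s - other.uptime_s)
        age = u.uptime_s if gap > AGE_MARGIN_S else 0  # within margin: ignore age
        middle = (u.priority, age) if override else (age, u.priority)
        return (u.monitored_up, *middle, u.serial)
    return a if key(a, b) > key(b, a) else b

def simulate(override):
    """Unit 1 fails and rejoins 10 minutes later; list the primary after each event."""
    u1 = Unit("FGT-1", 150, "SERIAL-0001", uptime_s=86400)
    u2 = Unit("FGT-2", 50, "SERIAL-0002", uptime_s=86400)
    history = [elect(u1, u2, override).name]  # steady state, both units up
    history.append(u2.name)                   # unit 1 is down, unit 2 is alone
    u1.uptime_s, u2.uptime_s = 120, u2.uptime_s + 600  # unit 1 rejoins, age reset
    history.append(elect(u1, u2, override).name)
    return history

def failovers(history):
    """Count role changes (failovers) across the event sequence."""
    return sum(prev != cur for prev, cur in zip(history, history[1:]))

if __name__ == "__main__":
    for override in (False, True):
        h = simulate(override)
        print(f"override={override}: {' -> '.join(h)} ({failovers(h)} failovers)")
```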