Fortigate HA troubleshooting

Forum|Forum|4 years ago
January 14, 2022
2 replies
3124 views

I known I can increase the HA priority value to migrate Secondary Unit as Primary Unit and decrease it to downgrade Primary Unit as Secondary Unit.
I'd like to know, is it different between the two methods?

1. increase the priority on secondary unit to Primary and
2. decrease the priority on primary unit to secondary.

FortiGate

Toshi_Esumi

SuperUser

If it's 6.4.x or later and you want to fail them over just for test purpose, you have this option.

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/684039/force-ha-failover-for-testing-and-demonstrations

If you're using override, sounds like you are, and you want to do the failover semi-permanently, only other parameter you can tweak is the number of failed monitored interfaces. As in the flow chart below:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/123439/primary-unit-selection-with-override-enabled

Toshi

akileshc

Staff

Hello,

If you are still using FortiOS 6.2 or earlier versions you do not have the opportunity to set the EXE FAIL OVER flag to accomplish HA failover. You can verify with the Override option on your preferred HA node.

By default, the HA override CLI command is disabled. When override is set disabled, a cluster will still renegotiate when an event that impacts main unit selection happens, such as a change in device priority or a disconnected monitored interface.

However, if you want to ensure that the same cluster unit is always the primary unit and are less worried about frequent cluster negotiation, you may set its device priority higher than other cluster units and enable override.

For further information, please see the following link:

** https://docs.fortinet.com/document/fortigate/6.0.0/handbook/123439/primary-unit-selection-with-override-enabled

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded