HA A-A link not failover
- December 18, 2019
FW1 and FW2 HA A-A

SW INFO:
- VM 6.2.2 Trial License on Eve-NG Community Nov 2019

FW1 & FW2:
Because of HA, the FW2 slave has the same IP config as the FW1 master.

config system interface
    edit "port1"
        set vdom "root"
        set ip 10.0.1.11 255.255.255.0
        set allowaccess ping https ssh snmp http telnet fgfm radius-acct probe-response capwap
        set type physical
        set description "WAN1"
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set ip 10.0.2.2 255.255.255.0
        set allowaccess ping
        set type physical
        set description "WAN2"
        set snmp-index 2
    next
    edit "port3"
        set vdom "root"
        set ip 10.0.3.1 255.255.255.0
        set allowaccess ping
        set type physical
        set description "DMZ"
        set snmp-index 3
    next
    edit "port4"
        set vdom "root"
        set ip 10.0.4.1 255.255.255.0
        set allowaccess ping ssh http fgfm
        set type physical
        set description "LAN1"
        set snmp-index 4
    next
    edit "port5"
        set type physical
        set description "HEARTBEAT"
        set snmp-index 5
end

config system ha
    set group-name "HA"
    set mode a-a
    set password password
    set hbdev "port5" 0
    set session-pickup enable
    set override disable
    set monitor "port1"
    set load-balance-all enable
end

config system link-monitor
    edit "1"
        set srcintf "port1"
        set server "8.8.8.8"
        set gateway-ip 10.0.1.2
        set failtime 2
    next
end

FW1 # get system ha status
HA Health Status: OK
Model: FortiGate-VM64-KVM
Mode: HA A-A
Master: FW1 , FGVMEVOZCSOR5P1B, HA cluster index = 0
Slave : FW2 , FGVMEVNROOBQ8U57, HA cluster index = 1

PROBLEM1:
- link from FW1 port1 to Switch G0/1 shutdown
RESULT:
- ping from PC1 to 8.8.8.8 down
- master does not fail over from FW1

PROBLEM2:
- link from FW1 port to Switch G0/1 up
- FW1 port1 status down
RESULT:
- ping from PC1 to 8.8.8.8 down
- master does not fail over from FW1

QUESTIONS:

UPDATE1:
- if the link from the master to the internet is down, all traffic from both FW1 and FW2 is down
- it seems link or port monitoring is not working at all
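
A configuration check for the setup posted above, as an added example that is not part of the original post or Fortinet's own code. It parses FortiOS CLI text and flags link-monitor source interfaces that are not listed under `pingserver-monitor-interface` in `config system ha`, plus interfaces that allow cleartext management access. It assumes that FortiOS remote link failover is what feeds a link-monitor result into HA; the rule names and the `parse`/`audit` helpers are hypothetical.

```python
import shlex
# Constructed excerpt of the configuration in the post (relevant settings only).
CONFIG = """
config system interface
    edit "port1"
        set allowaccess ping https ssh snmp http telnet fgfm
    next
end
config system ha
    set monitor "port1"
end
config system link-monitor
    edit "1"
        set srcintf "port1"
        set server "8.8.8.8"
    next
end
"""

def parse(text):
    """Flat FortiOS CLI -> {section: {entry: {key: [values]}}}; section-level sets use entry ''."""
    cfg, section, entry = {}, None, ""
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), ""
            cfg.setdefault(section, {})
        elif tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif tok[0] == "next":
            entry = ""
        elif tok[0] == "end":
            section = None
        elif tok[0] == "set" and section and len(tok) > 1:
            cfg[section].setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(cfg):
    """Return (rule, detail) findings for HA failover wiring and cleartext management."""
    findings = []
    # Assumption: only interfaces named here let a link-monitor failure influence HA.
    fed = set(cfg.get("system ha", {}).get("", {}).get("pingserver-monitor-interface", []))
    for lm in cfg.get("system link-monitor", {}).values():
        findings += [("link-monitor-not-tied-to-ha", i) for i in lm.get("srcintf", []) if i not in fed]
    for name, itf in cfg.get("system interface", {}).items():
        hits = sorted({"http", "telnet"} & set(itf.get("allowaccess", [])))
        findings += [("cleartext-mgmt", f"{name}:{p}") for p in hits]
    return findings
```

`audit(parse(CONFIG))` reports port1 under both rules; `set monitor` only tracks the physical link state of the port, which is a separate mechanism from the link-monitor probe to 8.8.8.8.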
