HA Failing Over due to ping failure - link-monitor

Forum|Forum|3 years ago
May 17, 2022
1 reply
4812 views

Hi hoping someone can help me understand how to correct this issue. Replacing some Cisco routers with Fortigate firewalls and have been testing the OS in a lab environment. I have a lot of redundancy setup and everything is almost working 100% except the primary FW keeps failing back to the secondary. If I shutdown the HB link it will switch back but the second it is enable again it fails over to the secondary. If I restart the devices this does not happen until I manually trigger my link-monitor to fail in which case it switches to the secondary but from that point on is stuck. See the screen shots below for the cause of this -

Not sure why the pingsvr_failure stays at 50 or if there is a way to reset it. It gets to 50 because I manually shutdown the link to test the failover - but from that point on it is always at 50 so it essentially gets stuck on the other FW no matter what until a power cycle.

Thanks for the help!

Ryan

FortiGate

Best answer by rpratt

Nevermind... after much searching I've found the answer. If anyone else is trying to wrap their heads around this the FortiGates will stop listening to their link-monitors and hold where they are until the "pingserver-flip-timeout". By default this is 60 minutes - after this time it will reevaluate which should be the primary and begin monitoring as normal.

rprattAuthorAnswer

Visitor III

Nevermind... after much searching I've found the answer. If anyone else is trying to wrap their heads around this the FortiGates will stop listening to their link-monitors and hold where they are until the "pingserver-flip-timeout". By default this is 60 minutes - after this time it will reevaluate which should be the primary and begin monitoring as normal.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded