Skip to main content
lord_amarant
lord_amarant
New Member
October 16, 2015
Question

ha with link monitor and override

  • October 16, 2015
  • 1 reply
  • 10181 views

Hi,

i have this scenario.

Two fortgate 1000d in a geographical cluster active-passive.

I need the active will return active after a failover, so i configure the override command.

Also i need to monitor a ip to force a failover in casa the ip wasn’t reachable by one of the device, so i configure the link monitor and set to chance the HA priority.

Here start my problem.

Whit the override configured on the active even if i lose reachability there isn’t  a change of the priority(it seems like the link monitor is after priority if there is override configured).

It works if i put the same priority on both the device, but if i get back the ip reachability the override command don’t set the old active as active but stays passive.

 

Here the command I use:

 

config system ha

    set override enable

    set priority 150

    set pingserver-monitor-interface "port1"

    set pingserver-failover-threshold 5

    set pingserver-flip-timeout 120

end

 

config system link-monitor

    edit "Gw-mon"

        set srcintf "port1"

        set server "172.31.2.250"

        set interval 2

        set failtime 2

        set ha-priority 50

    next

end

 

thak you

    1 reply

    torgnyw
    torgnyw
    New Member
    October 21, 2015

    Hi,

     

    What firmware version are you running?

    This is the configuration on one of the cluster members?

    Is it same on both members?

     

    \\

    Torgny

    lord_amarant
    lord_amarantAuthor
    New Member
    October 22, 2015

    Hi,

    thanks for your reply.

     

    -i try with the 5.2.3 and with the 5.2.4.

    -this config is only on one of the member of the cluster(the default active)

    -only the on the default active

     

    emnoc
    emnoc
    New Member
    October 22, 2015

    A few Qs;

     

    Did you debug  HA   daemon when you simulate the fail-over?

     

    diag debug reset

    diag debug en

    diagnose debug application hatalk -1

     

    Did you  validate the value is decreased by  50 & is  lower than the other unit ?

     

    diagnose sys ha status

    diagnose sys ha dump-by all-vcluster

     

    Did you remove the  pingserver and reapply the cfg, we seen problem with the ping server being  stuck some times  in the past.

     

    config system ha    unset pingserver-monitor-interface     set pingserver-monitor-interface port1 end   And finally  run a diag sniffer out of the port and ensure the pings failed when they fail.   e.g diag sniffer packet port1 " proto 1 and host 172.31.2.250"     Ken

    Terms & ConditionsAccessibility statement