Skip to main content
nbctcp
nbctcp
New Member
December 17, 2019
Question

Remove HA Cluster

  • December 17, 2019
  • 3 replies
  • 20812 views

SW INFO: -FortiOS 6.2.2 Eval License

 

I want to ask simple question.

How to remove HA cluster from CLI (I think can't do from GUI) beside factoryreset or revision restore

 

tq UPDATE1: -can be solved by make it Standalone

    3 replies

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    December 17, 2019

    To get a proper answer you want, you need to explain how your HA setup looks like. Is it only two unit a-p or a-a setup? And want to break them and operate only one? Breaking HA is as simple as making one of them a standalone or even just disconnecting the heartbeat cable(s). But some consequences will follow because both of them would start acting as own master/standalone without considering the other side.

    nbctcp
    nbctcpAuthor
    New Member
    December 17, 2019

    That interesting answer

    My scenario are

    1 Master and 1 Slave

    mode a-p

     

    STEPS TAKEN: 1. create FW1 as master

    2. join FW2 as member of HA Cluster

    3. now FW2 become slave

    4. I disjoint FW2 form cluster

    here I haven't make FW2 as standalone

    5. change FW1 from master to standalone

     

    QUESTIONS:

    1. is that right procedure to remove cluster in a-p mode

    2. what is the right procedure in a-a mode

    3. 

    even just disconnecting the heartbeat cable(s). But some consequences will follow because both of them would start acting as own master/standalone without considering the other side

     do you mean split brain, if just diconnecting HeartBeat?

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    December 17, 2019

    Yes, of course. Did you mean "isolating FW2 network-wise" by "disjoin FW2"? Then, you should be fine.

    MOKADEM_a
    MOKADEM_a
    Visitor III
    February 11, 2022

    1/ disable the HA interfaces of the primary fortigate
    2/ change the ip address of one of the fortigates to make the difference
    3/ change the HA mode to Standalone in both fortigates

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    February 13, 2022

    Before anybody tries a simple 'set ha-mode standalone' in a production environment, watch out! You need to isolate the slave unit from the network(s) first, either by shutting it down ('exec shut' in slave CLI), or by pulling all cables. Otherwise, you will have 2 routers/firewalls on the net with identical IP addresses and MAC addresses (a.k.a. 'split brain').

     

    Explictely, disabling the/all HA interface(s) will lead to chaos if both units are still fully connected to the networks.

      MOKADEM_a
      MOKADEM_a
      Visitor III
      February 13, 2022

      Yes, you have reason.

      Terms & ConditionsAccessibility statement