Skip to main content
bigkeoni64
bigkeoni64
Explorer II
May 11, 2022
Solved

Shutting down the Primary of an HA pair

  • May 11, 2022
  • 2 replies
  • 11517 views

Hello

 

Will shutting down of the Primary-FG via GUI be a graceful shutdown and immediately issue a failover to the Secondary-FG of the HA pair?

 

This is an FG-101F and I plan to do a:

 

system > shutdown

 

Reason is, I need to have only the Secondary-FG up and running as the true primary for troubleshooting purposes. Pretty new to this vendor and I want to ensure that it does fail over this way.

 

Thank you.

Best answer by anikolov

Hello bigkeoni64,

 

I can confirm that this way the primary fortigate will shut down. I have tested this on a cluster in my lab and it is doable via the GUI/CLI (with execute shutdown).

 

Regards,

 

PREVIEW
 

2 replies

aahmadzada
Staff
aahmadzada
Staff
May 11, 2022

Hi,
You can failover manually, there is no need to shutdown the primary unit.

please review this kb: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-force-HA-failover/ta-p/196696

 

Ahmad

    bigkeoni64
    bigkeoni64Author
    Explorer II
    May 11, 2022

    Thanks for the article; however, Forti TAC is asking me to make sure the Primary is shutdown because we have to force an ISDB database update to the secondary and they want to make sure the Primary is completely out of the picture. This is why I want to be certain that the Primary is shutdown gracefully after the failover. Once we run the forced update "execute update-now" we will unseat and reseat the power chords to the Primary so it takes over once again.

     

    Is there a follow up command to shutting down the primary after the secondary has taken over?

     

    FG-HA1# execute ha failover set 1

    Richie_C
    Staff
    Richie_C
    Staff
    May 11, 2022

    If you have a correctly functioning cluster, then shutting down the primary would indeed cause a failover. There should be no requirement for any additional commands.

      anikolov
      Staff
      anikolovAnswer
      Staff
      May 11, 2022

      Hello bigkeoni64,

       

      I can confirm that this way the primary fortigate will shut down. I have tested this on a cluster in my lab and it is doable via the GUI/CLI (with execute shutdown).

       

      Regards,

       

      PREVIEW
       
      anikolov
      Staff
      anikolov
      Staff
      May 11, 2022

      And it would be graceful, but still you would need to log in once again on the fortigate. Please check this list which sessions will be synced and which will have to reestablish the connection:
      https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-session-failover-session-pickup/ta-p/191165

       

      More about the session failover in the tabs from this handbook:
      https://docs.fortinet.com/document/fortigate/6.0.0/handbook/786852/session-failover

       

      Regards,

      Aleksandar

       

      Terms & ConditionsAccessibility statement