FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cochoa
Staff
Staff
Description
This article describes how to perform a controlled chassis failover between 2 chassis in SLBC dual mode.


Solution
How to produce a chassis failover:
 
Step by step:
_ In the primary FortiController in chassis #1: 

#diag sys ha force-slave-state by-chassis 5 1

_ Verify the chassis failover in primary FortiController in chassis #2: 

#get sys status 
 
To return primary role to FortiController in chassis #1:
 
Step by step:
_ Clean the flag in the new master / primary FortiController in chassis #2

#diag sys ha force-slave-state clear   
     
_ Verify that the primary role was correctly reassigned to primary FC in chassis #1

#get sys status 

Some suggested commands to be executed before and after the failover to verify correct synchronization in and between chassis are the following:
 
On the FortiControllers:
 

Command

Purpose

Expected Result

diagnose system ha status

Check blade synchronization

Check master, slave role

All blades with in_sync=1

get load-balance status

Check workers status

Both workers should be in status=Working

 
On the FortiGates:
 

Command

Purpose

Expected Result

diag sys confsync status

Check blade synchronization

All blades with in_sync=1

diag test application chlbd 1

Check hb status

last_rx < 100

diag test application chlbd 2

Check route synchronization

route_sync=2



Contributors