kajlasunil
Staff
Article Id 267354
Description

This article describes how to automate the HA cluster reboot.

Scope

FortiGate.

Solution

The High Availability (HA) cluster may require scheduled reboots in various scenarios.

This can be done with an automation stitch whose action is a CLI script that runs the command 'execute reboot'. This will reboot the primary device, and all traffic will fail over to the secondary.

In this test scenario, both the primary and secondary devices have different uptimes.

To reboot both cluster members at the same time, set an automation-destination on each automation-stitch.

Step 1: Create an automation-destination.

config system automation-destination
    edit "rebootPrimary"
        set destination "FGT60FTK20006777"  <- Primary Device SN.
    next
    edit "rebootSeconday"
        set destination "FGT60FTK20008823"  <- Secondary Device SN.
    next
end

Step 2: Create an automation action and configure a script to reboot the devices.

config system automation-action
    edit "RebootFGTCLI"
        set action-type cli-script
        set script "execute reboot"
        set accprofile "super_admin"
    next
end

Note:
From v7.2 onward, there is a new action type 'system action' which can be used to reboot, shut down or back up the config of the FortiGate. Refer to this document for more details: System automation actions to back up, reboot, or shut down the FortiGate 

Step 3: Create a scheduled trigger to reboot the cluster every Sunday.

config system automation-trigger
    edit "RebootFGTeverySunday"
        set trigger-type scheduled
        set trigger-frequency weekly
        set trigger-weekday sunday
        set trigger-hour 11
    next
end

Step 4: Create two automation stitches, one for the primary device and one for the secondary device.

config system automation-stitch
    edit "RebootPrimary"
        set trigger "RebootFGTeverySunday"
        config actions
            edit 1
                set action "RebootFGTCLI"
                set required enable
            next
        end
        set destination "rebootPrimary"
    next
    edit "RebootSecondary"
        set trigger "RebootFGTeverySunday"
        config actions
            edit 1
                set action "RebootFGTCLI"
                set required enable
            next
        end
        set destination "rebootSeconday"
    next
end

When the script executes, both devices reboot at the same time, so all connections through the cluster are lost together. To avoid this, fine-tune the trigger-hour so the devices reboot at different times: a different automation-trigger can be applied to each cluster device.
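
The staggered variant described above, as an added example that is not part of the original article: each device gets its own scheduled trigger, one hour apart. The trigger names and the one-hour offset are assumptions; the action and destination names are the ones created in Steps 1 and 2 (spelled as they are there), and the '<-' annotations are notes, not CLI input.

```fortios
config system automation-trigger
    edit "RebootPrimarySunday"  <- Hypothetical trigger name.
        set trigger-type scheduled
        set trigger-frequency weekly
        set trigger-weekday sunday
        set trigger-hour 11
    next
    edit "RebootSecondarySunday"  <- Hypothetical trigger name.
        set trigger-type scheduled
        set trigger-frequency weekly
        set trigger-weekday sunday
        set trigger-hour 12  <- Assumed offset; allow time for the first device to rejoin the cluster.
    next
end

config system automation-stitch
    edit "RebootPrimary"
        set trigger "RebootPrimarySunday"
        config actions
            edit 1
                set action "RebootFGTCLI"
                set required enable
            next
        end
        set destination "rebootPrimary"
    next
    edit "RebootSecondary"
        set trigger "RebootSecondarySunday"
        config actions
            edit 1
                set action "RebootFGTCLI"
                set required enable
            next
        end
        set destination "rebootSeconday"
    next
end
```

With this layout only one cluster member is down at a time, so traffic can fail over to the other member during each reboot.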

 



Related document:

Config system automation destination: FortiGate CLI reference