This article describes the criteria for selecting the primary unit in a FortiGate High Availability (HA) cluster, depending on whether the override feature is enabled or disabled. 

The criteria include the number of operationally UP Monitored interfaces, HA uptime, priority, and serial number of the devices.

Confirm whether the override is enabled using the following commands:

show system ha

Primary unit selection criteria when override is disabled (MUPS):

1. The device that has a higher number of operationally UP Monitored interfaces (M).
2. The device that has the highest HA Uptime, not the unit uptime (U).
3.  The device which has the highest Priority (P).
4. Device which has the highest Serial Number (S).

Additional note:

If the HA uptime difference between the two units is less than ha-uptime-diff-margin (default value is 300 seconds), then Priority will be considered as per the 4th point above. This would usually happen during HA cluster firmware upgrade if an upgrade between clusters happens in less than  ha-uptime-diff-margin, then Primary will be selected based on the highest Priority.

To check the HA cluster members' uptime:

get system ha status

Related article:

Technical Tip: How to verify HA cluster members individual uptime 

Some points to remember about primary unit selection:

• The FGCP compares primary unit selection criteria in the following order: Failed Monitored interfaces -> Age -> Device Priority -> Serial number. The selection process stops at the first criteria that select one cluster unit.
• Negotiation and primary unit selection are triggered if a cluster unit fails or if a monitored interface fails.
• If the HA age difference is more than ha-uptime-diff-margin (default value is 300 seconds), the cluster unit that is operating longer becomes the primary unit.
• If the HA age difference is less than ha-uptime-diff-margin (default value is 300 seconds), the device priority will be checked first. If the priority value is the same on both devices, the FortiGate will select based on serial number to become the primary unit.
• The 300 second default difference parameter can be adjusted by setting ha-uptime-diff-margin under config system ha.
• Every time a monitored interface fails, the HA age of the cluster unit is reset to 0.
• Every time a cluster unit restarts, the HA age of the cluster unit is reset to 0.

Primary unit selection criteria when override is enabled (MPUS):

1. The device that has a higher number of operationally UP Monitored interfaces (M).
2.  The device that has the highest Priority (P).
3. A device that has the highest HA Uptime, not the unit uptime (U)
4. The device that has the highest Serial Number (S).
   

Note:

If the Primary unit has lower priority and if the override is enabled, even only on the primary and not on the secondary unit, this will still trigger HA Failover. Ensure the priorities are set as intended to avoid accidental HA Failover.

Related documents:

Primary unit selection with override disabled (default)

Primary unit selection with override enabled

Technical Tip: HA age time difference (HA cluster uptime)  

Technical Tip: How to verify HA cluster members individual uptime