FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sbaikadi
Staff
Staff
Description
This article describes  the procedure followed for HA master selection on FortiGate-6000 and 7000 series.

Solution
Default HA behavior can be influenced by override settings under HA config. “show full-configuration ha” will show configured parameters under HA:
FGT(global) # show full-configuration system ha
# config system ha

    set group-id 10
    set group-name "test"
    set mode a-p
    set password XXX
    set hbdev "ha1" 50 "ha2" 50
    set chassis-ID 1
    set hbdev-vlan-id 999
    set hbdev-second-vlan-id 999
    set override disable
    set priority 128
    set monitor "port2"
    set ssd-failover disable <----- Settings available only on 6301F and 6501F. Disabled by-default
end

FortiGate-6501F or 6301F HA clusters support SSD (log disk) failure protection. SSD failure protection is disabled by default.
Use the following command to enable SSD failure protection:

# config system ha
    set ssd-failover enable
end

Note:
For 6001 series, disk config mismatch will causes one of HA chassis to halt. By-default disk config is Raid-1
When chassis-id set to same, chassis with lower serial number will shut down in version 6.0.6 to 6.0.8. This is fixed in v6.0.9 (Reference Bug: 592170)

Case1: Override disabled.

When override is disabled, HA failover follows the below sequence:

6301/6501 Series: Any active worker (equal)-> Monitor interface (equal) -> Total active worker number (equal) -> SSD failure -> Total SSD number (equal) -> HA Uptime (equal) -> Priority (equal) ->Serial Number.





6300/6500/7000 Series: Any active worker (equal)-> Monitor interface (equal) -> Total active worker number (equal) -> HA Uptime (equal) -> Priority (equal) ->Serial Number.





Case2: Override enabled.
When override is enabled, HA failover follows the below sequence:

6301/6501 Series: Any active worker (equal)-> Monitor interface (equal) -> Total active worker number (equal) -> SSD failure (equal) -> Total SSD number (equal) -> Priority (equal) -> HA Uptime (equal) ->Serial Number.




6300/6500/7000 Series: Any active worker (equal)-> Monitor interface (equal) -> Total active worker number (equal) -> Priority (equal) -> HA Uptime (equal) ->Serial Number.




Contributors