mattchow_FTNT
Article Id 346894
Description: This article describes how a link failure causes HA failover to fail.
Scope: FortiGate.
Solution:

For example, override is disabled under the HA settings and the monitored interfaces are port1 and port2, as shown below:

config system ha
    set override disable
    set monitor port1 port2
end

HA failover can be triggered on the primary unit with the command 'diagnose sys ha reset-uptime', but the failover does not respond if the secondary unit has a non-zero 'link_failure' counter.

The 'link_failure' counter can be checked using the command 'diagnose sys ha dump-by group' as shown below:


[Screenshot: link_failure.jpg]

Check the status of port1 and port2, which are the HA-monitored interfaces:

config system ha
    set monitor port1 port2 <-----
end

Note:

Each port failure adds 50 to the counter. For example, one monitored interface down gives 50, and two monitored interfaces down give 100.