Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Staff
Staff

Created on ‎10-03-2024 09:43 PM Edited on ‎07-03-2025 12:22 AM By Staff

Article Id 346894

Technical Tip: HA failover failure cause by link failure

Description This article describes how link failure causes HA failover failure.
Scope FortiGate.
Solution

For example, HA failover has to override disabled under the HA setting, monitored interfaces are port1 and port2 as shown below:

 

config system ha

    set override disable

    set monitor port1 port2

end

 

HA failover can be triggered in the primary unit by using the command 'diagnose sys ha reset-uptime', failover has no response if there is a counter on the secondary's 'link_failure'.

 

The 'link_failure' counter can be checked using the command 'diagnose sys ha dump-by group' as shown below:


link_failure.jpg

 

It is required to check the status of port1 and port2 under HA-monitored interfaces:

 

config system ha

    set monitor port1 port2 <-----

end

 

Note:

Each port failure results in 50 increments in the counter, for example, one monitored interface down is 50, and two monitored interfaces down will be 100.
1177
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.