FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
spathak
Staff
Staff
Article Id 198142

Description


This article describes how to access the secondary unit of the HA cluster via CLI.

Scope


From Version 6.2 and above.

Solution


In the HA cluster (Active-Active or Active-Passive) access to both units via CLI is possible.
To access the secondary unit via CLI  refer to the below command:

Below 6.2.0.


Run the below command in CLI:

 

execute ha manage [HA Cluster Index ID] [username]                             <----- Where ID can be 0 or 1.

 

Example.

 

execute ha manage 0                                    < ----- If the ID of the secondary unit is 0.
execute ha manage 1                                   < ----- If the ID of the secondary unit is 1.

 

A further login prompt is presented for both username and password in the second unit. 

To view the available units and corresponding indexes:

 

exec ha manage ?

 

From 6.2.0 and above.

Run the below command to the primary unit CLI:

 

execute ha manage [ID] [username]

[username]@password: [password]

 

Example.

 

execute ha manage 1 EXAMPLE                                    < ----- 1 is the ID of the secondary unit and EXAMPLE is the admin username.

EXAMPLE@password:                                                        < ----- The password entered here will not be visible.

 

If the layer 3 unicast is not enabled in the HA setting, the IP address used by each unit to access the other with this method is 169.254.0.1 (primary unit) and 169.254.0.2 (secondary unit) by default.

Any system logon event showing 169.254.0.1 and 169.254.0.2 below indicates the admin session was established from the other HA unit with the method described in this article.:

 

date=2025-01-28 time=00:21:03 eventtime=1738023663554439770 tz="+0000" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1738023663" user="admin" ui="ssh(169.254.0.1)" method="ssh" srcip=169.254.0.1 dstip=169.254.0.2 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(169.254.0.1)"