Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
spathak
Staff
Staff

Created on ‎02-12-2020 01:29 AM Edited on ‎02-03-2025 10:15 PM By Staff

Article Id 198142

Technical Tip: How to access secondary unit of HA cluster via CLI

Description


This article describes how to access the secondary unit of the HA cluster via CLI.

Scope


From Version 6.2 and above.

Solution


In the HA cluster (Active-Active or Active-Passive) access to both units via CLI is possible.
To access the secondary unit via CLI  refer to the below command:

Below 6.2.0.

Run the below command in CLI:

 

execute ha manage [HA Cluster Index ID] [username]                             <----- Where ID can be 0 or 1.

 

Example.

 

execute ha manage 0                                    < ----- If the ID of the secondary unit is 0.
execute ha manage 1                                   < ----- If the ID of the secondary unit is 1.

 

A further login prompt is presented for both username and password in the second unit. 

To view the available units and corresponding indexes:

 

exec ha manage ?

 

From 6.2.0 and above.

Run the below command to the primary unit CLI:

 

execute ha manage [ID] [username]

[username]@password: [password]

 

Example.

 

execute ha manage 1 EXAMPLE                                    < ----- 1 is the ID of the secondary unit and EXAMPLE is the admin username.

EXAMPLE@password:                                                        < ----- The password entered here will not be visible.

 

If the layer 3 unicast is not enabled in the HA setting, the IP address used by each unit to access the other with this method is 169.254.0.1 (primary unit) and 169.254.0.2 (secondary unit) by default.

Any system logon event showing 169.254.0.1 and 169.254.0.2 below indicates the admin session was established from the other HA unit with the method described in this article.:

 

date=2025-01-28 time=00:21:03 eventtime=1738023663554439770 tz="+0000" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1738023663" user="admin" ui="ssh(169.254.0.1)" method="ssh" srcip=169.254.0.1 dstip=169.254.0.2 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(169.254.0.1)"

Labels:
172316
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.