Technical Tip: How to identify the specific role of each FortiGate in a Cluster with three members

Pedro_FTNT · ‎02-26-2025

Description

This article describes how to identify the specific role of each FortiGate in a Cluster with three members.

Scope

FortiGate.

Solution

This is an example of Active-Passive Cluster, configured with three FortiGates:

Go to System -> HA

HA status shows three FortiGates: FW1, FW3, and FW2.
Role to FW1 as Primary.
Role to FW3 as Secondary.
Role to FW2 as Secondary.

Use the CLI command line to know the specific role of each FortiGate.

diagnose sys ha status

FW-INTERNET-1 # diagnose sys ha status
HA information
Statistics
traffic.local = s:0 p:95562928 b:54538724611
traffic.total = s:0 p:95577307 b:54537425492
activity.ha_id_changes = 18
activity.fdb = c:0 q:0

Model=1800, Mode=2 Group=193 Debug=0
nvcluster=1, ses_pickup=1, delay=0

[Debug_Zone HA information]
HA group member information: is_manage_primary=1.
FG180FTKXXXX1129: Primary, serialno_prio=0, usr_priority=210, hostname=FW-INTERNET-1
FG180FTK0XXXX973: Secondary-2, serialno_prio=1, usr_priority=190, hostname=FW-INTERNET-3
FG180FTKXXXX0902: Secondary, serialno_prio=2, usr_priority=200, hostname=FW-INTERNET-2

[Kernel HA information]

vcluster 1, state=work, primary_ip=169.254.0.1, primary_id=0, silent=0
FG180FTKXXXX1129: Primary, ha_prio/o_ha_prio=0/0
FG180FTKXXXX0902: Secondary, ha_prio/o_ha_prio=1/1
FG180FTKXXXX0973: Secondary-2, ha_prio/o_ha_prio=2/2
Silent vcluster bitmap=00000000000000000000000000000000

Where:

FW-INTERNET-1 - FG180FTKXXXX1129: Primary.
FW-INTERNET-2 - FG180FTKXXXX0902: Secondary.
FW-INTERNET-3 - FG180FTKXXXX0973: Secondary-2.

Related document:

Check HA synchronization status

Technical Tip: How to identify the specific role of each FortiGate in a Cluster with three members

You are leaving our website