aahmadbasri (Staff)
Article Id 317608
Description This article describes how to restore a configuration backup on a FortiGate HA cluster, as well as the expected behaviors when doing so.
Scope FortiGate, HA.
Solution

Restoring a config backup on an HA cluster only needs to be performed on the HA Primary unit since the config will be automatically synchronized to the HA Secondary as well. Note that this procedure is the same for both active-active and active-passive HA modes.

1. Open the dropdown menu in the top-right corner of the web GUI (where the admin account name is shown) and select Configuration -> Restore.

Note: Only take the backup using a Super Admin account, otherwise the HA cluster will not be in sync after the restore, because a backup taken with another admin profile will not contain the Super Admin account.

[Screenshot: KB8_1.png]

2. Select the Upload button and locate the configuration backup to be restored.

[Screenshot: KB8_2.png]

3. Select OK to proceed, then OK again when the reboot warning is shown.

Note: When restoring a configuration to an HA cluster, all cluster members reboot at the same time after proceeding through the reboot warning (i.e. as if the config had been restored to multiple standalone FortiGates simultaneously). To avoid this, see the alternative method section below.

Once the FortiGates complete their reboot, the cluster will re-establish and both units will have a restored configuration.

[Screenshot: KB8_3.png]

It is possible to restore configuration from the GUI of a secondary member if HA Reserved Management Interface is configured. The behavior is the same as when restoring configuration from the Primary's GUI: all cluster members will reboot, and all cluster members will apply the configuration.

Which parts of the configuration are actually applied depends on whether the member is isolated from the cluster, i.e. whether there are multiple members in the cluster at the time of the configuration restore:

  • When restoring a configuration backup to a cluster with multiple members, any member-specific settings in the configuration are ignored, including HA priority and hostname. In this case it is not necessary to upload a configuration backup taken from the exact same member: each member only applies the sections of the configuration that would normally be synchronized.
  • When restoring configuration to an isolated member as in the alternative method below, the isolated member applies the full configuration file.
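
The two points above (a backup taken without a Super Admin account leaves the cluster out of sync, and the member-specific settings that a multi-member restore ignores but an isolated member applies in full) can be checked before the file is uploaded. The following script is an added example and is not part of this article or of FortiOS. It parses the plain-text FortiGate backup format (config / edit / set / next / end blocks) and reports which admin accounts use the super_admin profile and which per-device values (hostname, HA priority, override, reserved management interfaces) the file carries. The backup text embedded in it is a constructed sample, not a real device export; the function names are the example's own.

```python
"""Pre-restore check for a FortiOS configuration backup (added example).

Parses the plain-text backup format used by FortiGate (config / edit / set /
next / end blocks) and reports:
  * which admin accounts use the super_admin profile: a backup taken by a
    non-super-admin account lacks the Super Admin account and the cluster
    will not be in sync after restore;
  * the member-specific settings (hostname, HA priority/override, reserved
    management interfaces) that a multi-member cluster ignores on restore
    but an isolated member applies in full and must then be reviewed.
SAMPLE_BACKUP is constructed for illustration, not a real export.
"""
import json
import shlex

SAMPLE_BACKUP = """\
#config-version=FGT60F-7.2.5-FW-build1517-230628:opmode=0:vdom=0:user=admin
config system global
    set alias "FGT60F"
    set hostname "FGT-primary"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC placeholder-hash
    next
    edit "helpdesk"
        set accprofile "prof_admin"
        set vdom "root"
    next
end
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port9" 50 "port10" 50
    set override disable
    set priority 200
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt"
            set gateway 192.0.2.1
        next
    end
end
"""


def parse_fortios_config(text):
    """Return the backup as nested dicts: config/edit open a block, set stores
    a value (a string, or a list when several tokens), next/end close a block."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # header / comment lines
            continue
        tokens = shlex.split(line)                # honours quoted values
        cmd, args = tokens[0], tokens[1:]
        if cmd in ("config", "edit"):
            block = stack[-1].setdefault(" ".join(args), {})
            stack.append(block)
        elif cmd == "set":
            stack[-1][args[0]] = args[1] if len(args) == 2 else args[1:]
        elif cmd == "unset":
            stack[-1].pop(args[0], None)
        elif cmd in ("next", "end"):
            stack.pop()
    return root


def super_admin_accounts(cfg):
    """Names of admin accounts whose access profile is super_admin."""
    admins = cfg.get("system admin", {})
    return sorted(name for name, body in admins.items()
                  if isinstance(body, dict) and body.get("accprofile") == "super_admin")


def member_specific_settings(cfg):
    """Per-device values to review after restoring to an isolated member."""
    ha = cfg.get("system ha", {})
    mgmt = ha.get("ha-mgmt-interfaces", {})
    return {
        "hostname": cfg.get("system global", {}).get("hostname"),
        "ha_priority": ha.get("priority"),
        "ha_override": ha.get("override"),
        "ha_mgmt_status": ha.get("ha-mgmt-status"),
        "ha_mgmt_interfaces": {idx: entry.get("interface") for idx, entry in mgmt.items()},
    }


def check_backup(text):
    """Summarise whether the file is safe to push to an HA cluster."""
    cfg = parse_fortios_config(text)
    admins = super_admin_accounts(cfg)
    return {
        "super_admin_accounts": admins,
        "safe_for_ha_restore": bool(admins),
        "member_specific": member_specific_settings(cfg),
    }


if __name__ == "__main__":
    print(json.dumps(check_backup(SAMPLE_BACKUP), indent=2))
```

Run it against a real backup by replacing SAMPLE_BACKUP with the file's contents; an empty super_admin_accounts list is the condition the note above warns about, and the member_specific block lists the values to compare against the target unit before and after the restore.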

An alternative method for restoring config to HA cluster (avoiding full-cluster reboot):

If the configuration must be restored to the cluster but restarting all cluster members is not an option, then it is necessary to restore the configuration to each FortiGate member individually. The following method is the safest as it involves fully disconnecting each unit from the network before the config restoration and ensures that split-brain/network-disruption scenarios cannot occur. However, it requires someone to be on-site with the FortiGates so that cables can be physically plugged/unplugged.

1. Before starting, verify that the on-site technician has a means of connecting to the FortiGate when it is disconnected from the rest of the network.
For example, the technician should be able to connect a laptop's wired Ethernet port to a management port or similar interface on the FortiGate so they can access the administrative web GUI. This is required so that the configuration can be successfully restored.

2. Disconnect the non-heartbeat network connections on the HA Secondary FortiGate. This isolates the unit from the network so that it cannot accidentally become the HA master.

3. Next, disconnect the heartbeat interfaces on the HA Secondary FortiGate. This fully isolates the unit from the rest of the HA cluster and the network.

4. Have the on-site technician connect to the isolated FortiGate's web GUI, then follow steps 1-3 from the earlier section to restore the configuration. The isolated FortiGate will reboot during this process.

5. After the isolated FortiGate reboots, it has applied the full configuration file. Review the configuration and update any per-device settings, such as hostnames, HA Priority/Override settings, HA reserved management interfaces/addresses, etc.

Repeat these steps for any additional HA Secondary FortiGates in the cluster, until the HA Primary is the only remaining unit to be restored.

6. At this stage, the isolated FortiGate can be swapped into the network and the current HA Primary can be removed. Physically disconnect the data cables one by one from the current HA Primary, and at the same time connect the equivalent data cable on the isolated/restored FortiGate.

  • There will be a brief disruption here as the network connections are moved over from one FortiGate to the other, but it will generally be much shorter than a reboot of the whole cluster.
  • Heartbeat interfaces should remain disconnected between the HA Primary and the isolated FortiGate at this time.
  • Once all of the data connections are moved over, traffic should be handled by the previously-isolated and now-restored FortiGate.

7. With the ex-HA Primary FortiGate now disconnected from the network and the cluster, repeat the above steps to restore the configuration.

8. Once all units have been restored, reconnect HA heartbeat cables and verify that the cluster re-forms. Next, reconnect all data cables, and the restore operation is complete.

9. After restoring the configuration, it is essential to verify that all settings from the uploaded file have been successfully applied. To troubleshoot any potential errors following a configuration restoration, the following command can be used:

diagnose debug config-error-log read

This command helps identify and resolve any configuration errors that may have occurred during the process.