Description
This article describes the usage of the 'execute ha failover set' command to perform a forced failover on an HA primary unit.
The unit will stay in a failover state regardless of the conditions.
The only way to remove the failover status is by manually turning it off or setting the failover status on another device in the cluster.
Note:
This is only used for testing, troubleshooting, and demonstrations. Do not use it in a production environment.
For more suitable options to use, see Technical Tip: Different options to trigger an HA failover (FGCP).
Scope
FortiGate.
Solution
To set the failover flag:
Run this command on the Active unit:
execute ha failover set 1
Caution: This command will trigger an HA failover.
It is intended for testing purposes.
Do you want to continue? (y/n)y
To check the failover status:
execute ha failover status
failover status: set
diag sys ha dump-by group
<hatalk> HA information.
group-id=240, group-name='HA-CLUSTER'
has_no_hmac_password_member=0
[......]
'FGT3HD3914-----3': ha_prio/o=0/0, link_failure=0, pingsvr_failure=0, flag=0x00000001, uptime/reset_cnt=0/3
'FGT3HD3914-----9': ha_prio/o=1/1, link_failure=0, pingsvr_failure=0, flag=0x00000002, uptime/reset_cnt=27561870/6
Note:
Flag 0x00000002 means the HA failover flag is set on the device
Flag 0x00000001 means the device is Primary
Flag 0x00000000 means the device is Secondary
To view the system status of a unit in forced HA failover:
get system ha status
HA Health Status: OK Model: FortiGate-300D
Mode: HA A-P
Group: 240
Debug: 0
Cluster Uptime: 0 days 2:11:46
Cluster state change time: 2020-03-12 17:38:04
Master selected using:
FGT3HD3914-----3 is selected as the master because it has EXE_FAIL_ OVER flag set.
FGT3HD3914-----9 is selected as the master because it has the largest value of override priority.
ses_pickup: disable
override: enable
Configuration Status:
FGT3HD3914-----9(updated 4 seconds ago): in-sync
FGT3HD3914-----3(updated 3 seconds ago): in-sync
System Usage stats:
FGT3HD3914-----9(updated 4 seconds ago):
sessions=5, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=30%
FGT3HD3914-----3(updated 3 seconds ago):
sessions=41, average-cpu-user/nice/system/idle=0%/0%/0%/99%, memory=30%
To stop the failover status:
execute ha failover unset 1
Caution: This command may trigger an HA failover.
It is intended for testing purposes. Do you want to continue? (y/n)y
Whether un-setting the failover status will cause a cluster failover depends on your HA configuration (priority, override enabled etc.).
Please refer to the Primary unit selection process HERE.
To view the system status of a device after forced HA failover is disabled:
get system ha status
HA Health Status: OK
Model: FortiGate-300D
Mode: HA A-P
Group: 240
Debug: 0
Cluster Uptime: 0 days 2:14:55
Cluster state change time: 2020-03-12 17:42:17
Master selected using:
FGT3HD3914-----9 is selected as the master because it has the largest value of override priority.
FGT3HD3914-----3 is selected as the master because it has EXE_FAIL_ OVER flag set.
FGT3HD3914-----9 is selected as the master because it has the largest value of override priority.
ses_pickup: disable
override: enable
Configuration Status:
FGT3HD3914-----9(updated 3 seconds ago): in-sync
FGT3HD3914-----3(updated 2 seconds ago): in-sync
System Usage stats:
FGT3HD3914-----9(updated 3 seconds ago):
sessions=0, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=30%
FGT3HD3914-----3(updated 2 seconds ago):
sessions=38, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=30%
Notes:
The unit will stay in a failover state (Backup) regardless of the conditions, but when the new Active unit fails for whatever reason (such as during a hardware failure or a reboot), the failover state (Backup) unit takes over traffic once again as a standalone until the former FortiGate re-joins the cluster.
Once the unit joins the cluster, it will take over the Active role again.
The failover status does not survive a system reboot.
Setting the failover status on a second device in the cluster will automatically unset the status on another device if it were already set.
!Caution!: when using this command, do not add a factory reset unit to the cluster, as it will wipe the config of the existing unit which has this flag set.
For example:
Consider an example with two FortiGates, FortiGate A and FortiGate B.
- Currently, A is the Active (Primary) unit.
- When performing the command 'execute ha failover set 1' on unit A, unit B will become the Active (Primary) unit.
- In case, B fails for whatever reason (such as in a hardware failure or reboot), A will take over the Active role. However, the moment B comes online in the cluster, it will take over as the Active (Primary) unit.
