Created on 09-25-2019 08:07 AM Edited on 12-10-2024 06:03 AM By Stephen_G
This article explains how to manage individual cluster units with the CLI command 'execute ha manage'.
FortiGate.
The following procedure describes how to use SSH to log into the primary unit CLI and from there use the 'execute ha manage' command to connect to the CLI of any other unit in the cluster.
The procedure is very similar if telnet is used, or the GUI dashboard CLI console.
Use the 'execute ha manage' command from the CLI of any cluster unit to log into the CLI of another cluster unit.
Usually, use this command from the CLI of the primary unit to log into the CLI of a subordinate unit.
However, if the user is logged into a subordinate unit CLI, the user can use this command to log into the primary unit CLI or the CLI of another subordinate unit.
Using SSH or telnet or the GUI dashboard CLI console permits to only log into the primary unit CLI.
Using a direct console connection to log into any cluster unit is possible.
In both cases 'execute ha manage' to connect to the CLI of other cluster units is possible.
FGT1# exec ha manage
<id> please input peer box index.
<0> Subsidiary unit FGXXXXXXXXXXXXXX
The CLI displays a list of all the subordinate units in the cluster. Each cluster unit is numbered as <id>. The information displayed for each cluster unit includes the unit serial number.
Complete the command with the number of the subordinate unit and an administrator account to log into the CLI of the selected subordinate unit to log into.
For example, to log into subordinate unit 1, enter the following command:
FGT1# exec ha manage 0 admin
Warning: Permanently added '169.254.0.1' (ED25519) to the list of known hosts.
admin@169.254.0.1's password:
FGT2#
'Enter' to connect to and use. If this subordinate unit has a different hostname, the CLI prompt changes to this hostname.
Use CLI commands to manage this subordinate unit.
If any changes to the configuration of any cluster unit are done (primary or subordinate unit) these changes are synchronized to all cluster units.
Now use the 'execute ha manage' command to connect to any other cluster unit (including the primary unit).
Use the exit command to return to the primary unit CLI.
Note :
If the subordinate unit ID is wrong while accessing another FortiGate through cluster, it will show an SSH error:
connect to host 169.254.0.3 port 22: No route to host
For example:
Challenger-kvm119 # execute ha manage
<id> please input peer box index.
<1> Subsidiary unit FGVM02TM21000124 <---- Secondary fortigate id is 1.
While running execute ha manage, If the FortiGate ID is wrong then it will show the below error.
Challenger-kvm119 # execute ha manage 2 admin
ssh: connect to host 169.254.0.3 port 22: No route to host
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.