FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
amahdi
Staff
Staff
Article Id 263716
Description

This article explains a scenario where the user has an HA cluster with interface monitoring to trigger an HA fail-over when a monitored interface link goes down.
The fail-over causes the cluster to renegotiate and re-select the primary unit.


However, fail-over is not happening when one of the monitored interfaces goes down:


config system ha

    set group-name "NAME"

    set mode a-p

    set password ENC

    set hbdev "a" 0 "b" 0

    set route-ttl 60

    set hb-interval 6

    set hello-holddown 30

    set session-pickup enable

    set session-pickup-connectionless enable

    set override enable

    set priority 200

    set override-wait-time 120

    set monitor "internal" "wan2" <----- Failover is not happening when WAN2 is  down.

Scope FortiGate.
Solution

Check ha failover status on the secondary unit:

execute ha failover status

failover status: set  --> need to be disabled


To disable:

 

 

execute ha failover unset 1

Contributors