Technical Tip: 'ping-options source' not shown in CLI on secondary FortiGate in HA cluster

azhunissov · ‎08-07-2019

Description

This article describes why the ping-options source command is not available on the CLI of a FortiGate unit that is part of a High Availability (HA) cluster.

Scope

FortiGate.

Solution

When a FortiGate device is a member of an HA cluster, the secondary (backup) unit does not support the ping-options source parameter, regardless of whether the cluster is operating in active-active or active-passive mode.

For example, in an HA active-passive setup with two FortiGates:

FGT-1 is the primary (primary) unit.
FGT-2 is the secondary (secondary) unit.

The ping-options source command will only be available on the primary unit. This is expected behavior due to HA role restrictions.

FGT-1 (root) # diagnose  sys  ha  status
HA information
Statistics
traffic.local = s:0 p:14933 b:8628586
traffic.total = s:0 p:15838 b:9744220
activity.ha_id_changes = 3
activity.fdb  = c:0 q:0

Model=80005, Mode=2 Group=100 Debug=0
nvcluster=1, ses_pickup=0, delay=0

[Debug_Zone HA information]
HA group member information: is_manage_primary=1.
FGVM01TM25005667:      Primary, serialno_prio=1, usr_priority=130, hostname=FGT-1
FGVM01TM25005735:    Secondary, serialno_prio=0, usr_priority=128, hostname=FGT-2

[Kernel HA information]
vcluster 1, state=work, primary_ip=169.254.0.2, primary_id=0, silent=0
FGVM01TM25005667:      Primary, ha_prio/o_ha_prio=0/0
FGVM01TM25005735:    Secondary, ha_prio/o_ha_prio=1/1
Silent vcluster bitmap=00000000000000000000000000000000

FGT-1 (primary):

FGT-1 (root) # execute ping-options
adaptive-ping     Adaptive ping <enable|disable>.
data-size         Integer value to specify datagram size in bytes.
df-bit            Set DF bit in IP header <yes | no>.
interface         Auto | <outgoing interface>.
interval          Integer value to specify seconds between two pings.
pattern           Hex format of pattern, e.g. 00ffaabb.
repeat-count      Integer value to specify how many times to repeat PING.
reset             Reset settings.
source            Auto | <source interface IP>.
timeout           Integer value to specify timeout in seconds.
tos               IP type-of-service option.
ttl               Integer value to specify time-to-live.
use-sdwan         Use SD-WAN rules to get output interface <yes | no>.
validate-reply    Validate reply data <yes | no>.
view-settings     View the current settings for PING option.
vrf               VRF ID.

FGT-2 (secondary):

FGT-2 (root) # execute ping-options
adaptive-ping     Adaptive ping <enable|disable>.
data-size         Integer value to specify datagram size in bytes.
df-bit            Set DF bit in IP header <yes | no>.
interval          Integer value to specify seconds between two pings.
pattern           Hex format of pattern, e.g. 00ffaabb.
repeat-count      Integer value to specify how many times to repeat PING.
reset             Reset settings.
timeout           Integer value to specify timeout in seconds.
tos               IP type-of-service option.
ttl               Integer value to specify time-to-live.
use-sdwan         Use SD-WAN rules to get output interface <yes | no>.
validate-reply    Validate reply data <yes | no>.
view-settings     View the current settings for PING option.

Technical Tip: 'ping-options source' not shown in CLI on secondary FortiGate in HA cluster

You are leaving our website