Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rishab444
Staff
Staff

Created on ‎01-22-2024 09:24 PM

Article Id 295440

Technical Tip: Upgrading Firewall in HA cluster when using configuration converted using FortiConverter

Description

This article describes the best practice to use the configuration from a FortiConverter for the FortiGate that is working in HA to avoid any split-brain or network storm issues.
Scope FortiGate.
Solution

Convert the configuration for one unit in HA then follow the below steps:

 

  1. Break the HA pair, where each unit is isolated to avoid any split-brain situation or to avoid a storm in the network.
  2. Wipe the secondary unit clean from any configuration. When it rejoins the HA, to avoid a storm or split-brain situation.
  3. Push the configuration on the primary unit where the config is normally loaded in the unit: Select the user name in the upper right-hand corner of the screen and select Configuration -> Restore.
  4. Configure HA on both primary and secondary units as per the official document: HA active-passive cluster setup
  5. Add back the secondary unit to the cluster and the config will automatically sync in some time and the cluster will be up and work expected..
  6. Confirm using the below command in CLI.

 

get system ha status
482
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.