FortiGate
pabarro
Staff
Article Id 354204
Description: This article describes how to change the operation mode of an HA cluster that has override enabled.
Scope: Procedure to change a cluster with override enabled from Active-Active mode to Active-Passive mode.
Solution:

Hardware Summary:

 

#######################################
FortiGate-1
FG100ETK11111111
Primary
Priority 135
FortiGate-100E v7.2.7,build1577,240131 (GA.M
Override Enable
Mode: Active-Active


FortiGate-2
FG100ETK22222222
Secondary
Priority 130
FortiGate-100E v7.2.7,build1577,240131 (GA.M
Override Enable
Mode: Active-Active
#######################################

 

Preparation:

 

  1. A technician must be on-site to be able to connect to the equipment.
  2. Make a full backup of the Primary (FortiGate-1).
Procedure:

 

 

  1. Make a full backup of the Primary FortiGate, FortiGate-1 (FG100ETK11111111).
  2. Physically disconnect all cables of the Secondary FortiGate (FortiGate-2) from the cluster. Traffic will then pass through FortiGate-1 (Primary).
  3. Connect via SSH (CLI) to FortiGate-1 (Primary) and run the following:

 

config system ha
    set mode a-p
end

 

 

  4. Connect via SSH (CLI) to FortiGate-2 (Secondary) and run the following:

 

config system ha
    set mode a-p
end
execute reboot

 

  5. After rebooting, physically connect FortiGate-2 (Secondary) to the cluster and wait for the FortiGates to synchronize.

  6. The traffic continues passing through FortiGate-1 (Active).

  7. After the synchronization occurs, proceed with a backup and save it for future use.
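
Before taking the final backup, it helps to confirm that the cluster really ended up in the intended state. The following is an added example, not part of the original article or of any Fortinet tooling: it checks saved output of `get system ha status` for Active-Passive mode, for every member being in sync, and for the expected primary. The function name is hypothetical, and the sample text is constructed and trimmed, with a field layout that only approximates FortiOS 7.2 output.

```python
import re

# Constructed, trimmed sample approximating `get system ha status` output
# on the cluster from this article (assumed layout, not captured output).
SAMPLE_OK = """\
HA Health Status: OK
Model: FortiGate-100E
Mode: HA A-P
override: enable
Configuration Status:
    FG100ETK11111111(updated 3 seconds ago): in-sync
    FG100ETK22222222(updated 4 seconds ago): in-sync
Primary     : FortiGate-1     , FG100ETK11111111, HA cluster index = 0
Secondary   : FortiGate-2     , FG100ETK22222222, HA cluster index = 1
"""

# Constructed failure case: mode never changed and the secondary has not synced.
SAMPLE_BAD = SAMPLE_OK.replace("Mode: HA A-P", "Mode: HA A-A").replace(
    "FG100ETK22222222(updated 4 seconds ago): in-sync",
    "FG100ETK22222222(updated 4 seconds ago): out-of-sync")


def check_ha_status(text, expected_primary, members):
    """Return a list of problems; an empty list means the state is as intended."""
    problems = []
    mode = re.search(r"^Mode:\s*HA\s+(\S+)", text, re.M)
    if not mode:
        problems.append("mode line not found")
    elif mode.group(1).upper() != "A-P":
        problems.append(f"mode is {mode.group(1)}, expected A-P")
    # Map each serial listed under "Configuration Status" to its sync state.
    sync = dict(re.findall(r"^\s+(\w+)\(updated[^)]*\):\s*(\S+)", text, re.M))
    for serial in members:
        state = sync.get(serial)
        if state is None:
            problems.append(f"{serial} missing from Configuration Status")
        elif state != "in-sync":
            problems.append(f"{serial} is {state}")
    # With override enabled, the higher-priority unit should hold the primary role.
    primary = re.search(r"^Primary\s*:\s*[^,]*,\s*(\w+)", text, re.M)
    if not primary:
        problems.append("primary line not found")
    elif primary.group(1) != expected_primary:
        problems.append(f"primary is {primary.group(1)}, expected {expected_primary}")
    return problems
```

An empty result for output captured after step 7 means the mode change, synchronization, and primary role all match the plan; any listed problem is a reason to stop before saving the backup as the reference configuration.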