|
In this example, HA environment, FGVM16TM24000037 is the primary unit and FGVM16TM24000014 is the secondary.
The 'link-failed-signal enable' setup is configured as follows:
diagnose sys ha status
HA information
Statistics
traffic.local = s:0 p:71052 b:39027014
traffic.total = s:0 p:71280 b:39047340
activity.ha_id_changes = 6
activity.fdb = c:0 q:0
Model=80009, Mode=2 Group=0 Debug=0
nvcluster=1, ses_pickup=1, delay=0
[Debug_Zone HA information]
HA group member information: is_manage_primary=1.
FGVM16TM24000037: Primary, serialno_prio=0, usr_priority=128, hostname=FGVM16TM24000037
FGVM16TM24000014: Secondary, serialno_prio=1, usr_priority=100, hostname=FGVM16TM24000014
[Kernel HA information]
vcluster 1, state=work, primary_ip=169.254.0.1, primary_id=0:
FGVM16TM24000037: Primary, ha_prio/o_ha_prio=0/0
FGVM16TM24000014: Secondary, ha_prio/o_ha_prio=1/1
config system ha
set group-name "fortinet"
set mode a-p
set hbdev "port10" 0
set session-pickup enable
set link-failed-signal enable
set override disable
set monitor "port1" "port2"
end
Some users wonder what will happen if the command 'diagnose sys ha reset-uptime' is executed while configuring 'set link-failed-signal enable'.
The FortiGate interfaces will not be brought down.
After resetting uptime, check it using the following commands. Example output is attached for most.
diagnose sys ha reset-uptime
diagnose sys ha status
HA information
Statistics
traffic.local = s:0 p:3510 b:1334317
traffic.total = s:0 p:3568 b:1338566
activity.ha_id_changes = 2
activity.fdb = c:0 q:0
Model=80009, Mode=2 Group=0 Debug=0
nvcluster=1, ses_pickup=1, delay=0
[Debug_Zone HA information]
HA group member information: is_manage_primary=1.
FGVM16TM24000014: Primary, serialno_prio=1, usr_priority=100, hostname=FGVM16TM24000014
FGVM16TM24000037: Secondary, serialno_prio=0, usr_priority=128, hostname=FGVM16TM24000037
[Kernel HA information]
vcluster 1, state=work, primary_ip=169.254.0.2, primary_id=0:
FGVM16TM24000014: Primary, ha_prio/o_ha_prio=0/0 <- Changed its role.
FGVM16TM24000037: Secondary, ha_prio/o_ha_prio=1/1 <- Changed its role.
diagnose sys ha history read on FGVM16TM24000037
version=1.1
HA state change time: 2024-01-31 22:08:50
message_count=27/512
<2024-01-31 22:08:50> user="admin" ui=ssh(10.10.69.64) msg="Reset HA uptime" <----- No links brought down.
.. omitted <----- No logs related to links.
diagnose sys ha history read on FGVM16TM24000014
version=1.1
HA state change time: 2024-01-31 22:08:50
message_count=29/512
<2024-01-31 22:08:50> FGVM16TM24000014 is elected as the cluster primary of 2 member
.. omitted
diagnose sys ha dump-by group
<hatalk> HA information.
group-id=0, group-name='fortinet'
has_no_hmac_password_member=0
has_no_aes128_gcm_sha256_member=0
gmember_nr=2
'FGVM16TM24000014': ha_ip_idx=1, hb_packet_version=10, last_hb_jiffies=0, linkfails=0, weight/o=0/0, support_hmac_password=1, support_aes128_gcm_sha256=1
'FGVM16TM24000037': ha_ip_idx=0, hb_packet_version=16, last_hb_jiffies=55687, linkfails=8, weight/o=0/0, support_hmac_password=1, support_aes128_gcm_sha256=1
hbdev_nr=1: port10(mac=000c..c3, last_hb_jiffies=55687, hb_lost=0),
vcluster_nr=1
vcluster_0: start_time=1706706123(2024-01-31 22:02:03), state/o/chg_time=2(work)/3(standby)/1706706530(2024-01-31 22:08:50)
pingsvr_flip_timeout/expire=3600s/3452s
mondev: port1(prio=50,is_aggr=0,status=1) port2(prio=50,is_aggr=0,status=1)
'FGVM16TM24000014': ha_prio/o=0/0, link_failure=0, pingsvr_failure=0, flag=0x00000001, mem_failover=0, uptime/reset_cnt=407/0
'FGVM16TM24000037': ha_prio/o=1/1, link_failure=0, pingsvr_failure=0, flag=0x00000000, mem_failover=0, uptime/reset_cnt=0/2
Conclusion: These commands have no impact on each other.
|
