FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jkoay
Staff & Editor
Article Id 191027

Description


This article describes how to perform failover between two FortiManagers.

 

Scope

 

FortiManager.

Solution

 

  1. Case scenario prior to failover:

    a. FortiManager HA Primary configuration:

Primary.png

    b. FortiManager HA Secondary configuration:

Secondary1.png

    c. HA results of FortiManager Primary (FMGVMXXXXXXX048) and FortiManager Secondary (FMGVMXXXXXXX039):

HA status.png

  2. Failover steps:

    a. Verify that managed FortiGates are aware of both FortiManager serial numbers by running the following on each FortiGate:

get system central-management

FGT1.png

    b. On the current Primary FortiManager, change the role to Secondary:

config system ha
    set mode secondary
    show
end

Set Mode_slave.png

The FortiManager will tear down any FortiGate-FortiManager (FGFM) sessions with FortiGates when it assumes the role of Secondary.

    c. On the original Secondary FortiManager, change the role to Primary as follows:

config system ha
    set mode primary
end

Set Mode_slave2.png

Set Mode_slave3.png

The new FortiManager Primary will establish FGFM connections with all FortiGates in its list of managed devices. If a FortiGate is behind a NAT device, it might be necessary for that FortiGate to initiate the connection.

    d. Go to System Settings -> HA to verify HA status. New FortiManager Primary unit serial number (FMGVMXXXXXXX039):

Set Mode_slave4.png

New FortiManager Secondary unit serial number (FMGVMXXXXXXX048):

Set Mode_slave5.png
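The pre-failover check in step 2a can be scripted across many FortiGates. The following is an added example, not part of the original article or Fortinet's tooling: it parses saved `get system central-management` output and reports any FortiGate that does not list both FortiManager serial numbers. The output layout, the device name FGT2 and the address are assumptions made for illustration.

```python
import re

# Constructed samples of `get system central-management` output from two
# managed FortiGates. The "key : value" layout is an assumption; the serials
# are the masked ones used in this article, the address is a placeholder.
SAMPLE_OK = '''\
mode                : normal
type                : fortimanager
serial-number       : "FMGVMXXXXXXX048" "FMGVMXXXXXXX039"
fmg                 : "192.0.2.10"
'''
SAMPLE_MISSING = SAMPLE_OK.replace(' "FMGVMXXXXXXX039"', "")

def parse_central_management(text):
    """Map each 'key : value' line to a list of values (quoted items split out)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        quoted = re.findall(r'"([^"]*)"', value)
        fields[key.strip()] = quoted or ([value] if value else [])
    return fields

def missing_serials(text, expected):
    """Serials in `expected` that this FortiGate does not list."""
    fields = parse_central_management(text)
    if fields.get("type") != ["fortimanager"]:
        return sorted(expected)  # not under FortiManager management at all
    known = {s.upper() for s in fields.get("serial-number", [])}
    return sorted(s for s in expected if s.upper() not in known)

def failover_blockers(outputs, expected):
    """outputs: {fortigate_name: cli_text} -> {name: [missing serials]}."""
    report = {}
    for name, text in outputs.items():
        missing = missing_serials(text, expected)
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    ha_pair = ["FMGVMXXXXXXX048", "FMGVMXXXXXXX039"]
    outputs = {"FGT1": SAMPLE_OK, "FGT2": SAMPLE_MISSING}  # FGT2 is hypothetical
    for fgt, missing in failover_blockers(outputs, ha_pair).items():
        print(f"{fgt}: does not list {', '.join(missing)}; fix before changing HA roles")
```

An empty report means every checked FortiGate already lists both units of the HA pair, so the role change in steps 2b and 2c can proceed.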
 