Technical Tip: FortiManager HA failover guide - Fortinet Community

FortiManager

FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.

Article Id 191027

Description

This article describes how to perform failover between two FortiManagers.

Scope

FortiManager.

Solution

Case Scenario Prior to Failover

a. FortiManager HA Primary configuration:

FortiManager HA Secondary configuration:

HA results of FortiManager Primary (FMGVMXXXXXXX048) and FortiManager Secondary (FMGVMXXXXXXX039):

HA status.png

2. Failover steps:

Verify that managed FortiGates are aware of both FortiManager serial numbers.

get system central-management

On the current Primary FortiManager, change the role to Secondary:

config system ha

set mode secondary

show

end

Set Mode_slave.png

The FortiManager will tear down any FortiGate-FortiManager sessions with FortiGates when it assumes the role of secondary.

On the original Secondary FortiManager, change the role to primary as follows:

config system ha

set mode primary

end

Set Mode_slave2.png

Set Mode_slave3.png

The new FortiManager primary will establish FGFM connections with all FortiGates in its list of managed devices. If a FortiGate is behind a NAT device, it might be necessary for that FortiGate to initiate the connection.

Go to System Settings -> HA to verify HA status. New FortiManager Primary unit serial number (FGMVMXXXXXXX039)

Set Mode_slave4.png

New FortiManager Secondary unit serial number (FGMVMXXXXXXX048):

Set Mode_slave5.png

Related articles:

16082

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Copyright 2025 Fortinet, Inc. All Rights Reserved.