FortiManager HA initial setup:

• FMG-A -> HA Primary.
• FMG-B -> HA Secondary.

1. Disable FMG-A (primary) at the network level (Disable FMG-A port at the switch level, or disable FortiManager network interface).
2. FortiManager HA cluster is expected to be down:

3. If FMG-A GUI is accessible via another network, make FMG-A secondary. If GUI is inaccessible, console to FMG-A and change to secondary.

Note:

It is important to make sure FMG-A is not in Primary mode before promoting FMG-B to primary.

GUI: Go under FortiManager -> System Settings -> HA -> Operation Mode -> Secondary -> Apply.

Console / CLI: 

config system ha

    set mode secondary

end

4. Login to FMG-B and make FMG-B Primary. Go under FortiManager -> System Settings -> HA -> Operation Mode -> Primary -> Apply.

5. All FortiGates are expected to connect to the new Primary (FMG-B).

Note: At this stage, the user will be troubleshooting the FMG-A network connection and bringing up the network connection in real case scenario.

6. Proceed to bring UP FMG-A network connection.

7. Make sure the FortiManager HA cluster is UP and synchronized in both FMG-A and FMG-B.

FMG-B (HA Primary):

FMG-A (HA Secondary):

8. Once both FortiManager are synchronized, proceed to perform manual failover again:

FMG-B -> HA Secondary.

FMG-A -> HA Primary.

Note:

 It is important to make sure FMG-B is not in Primary mode before promoting FMG-A to primary.

9. All FortiGates are expected to be connected to FMG-A.
10. Make sure both FortiManager HA cluster statuses are UP and synchronized.

Related article:

Technical Tip: FortiManager HA setup and troubleshooting