FortiWeb
kmak
Staff
Article Id 374549
Description This article describes how to add a Secondary FortiWeb device from an HA-cluster to a FortiWeb-Manager.
Scope FortiWeb-Manager.
Solution

Scenario:

  • FortiWeb is configured in HA Active-Passive mode.
  • Each FortiWeb node has a dedicated Management network IP configured.
  • The FortiWeb Active node was successfully added to FortiWeb-Manager.
  • The FortiWeb Passive node failed to be added to FortiWeb-Manager.

Error in FortiWeb-Manager when trying to add the FortiWeb Passive node:

[Image: kmak_0-1738651546083.png]

Explanation:

  • Adding FortiWeb to FortiWeb-Manager triggers a config update on the FortiWeb to its cross-domain settings.
  • The FortiWeb Passive node is in read-only mode, which causes the config change to the cross-domain settings to fail, so the device cannot be added to FortiWeb-Manager.
  • Read-only mode prevents changes from being made on the Passive node. Config changes should always be made only on the FortiWeb Active node.

Workaround:

  • The FortiWeb HA cluster may trigger a failover, and users may wish to be able to manage the secondary FortiWeb unit if the Passive node takes over the Active role.
  • To add the secondary FortiWeb (Passive), the FortiWeb unit must not be in Slave (Passive) status. This can be done by performing a manual failover to make the secondary unit a Master (Active) node.
  • Alternatively, remove the secondary FortiWeb from the HA cluster by changing the HA settings of the secondary FortiWeb to Standalone, add the secondary FortiWeb to the FortiWeb-Manager, and reconfigure the FortiWeb HA settings to Active-Passive again.

Related document:

Managing FortiWeb devices