Each Fortinet device with HA-Cluster must be configured with a unique HA group ID to prevent the virtual MAC Address conflict and for group identification. If any two of the Fortinet HA-Cluster group IDs are found to be configured with the same group ID, one of the HA-Cluster group IDs must be changed immediately.

1. FortiWeb does not allow Group ID changes after HA has been enabled. The Group ID box will be greyed out and unable to be modified:

2. Trying to modify the value in the CLI console access shall result in getting the failure error messages.

3. To modify the Group ID value, it must break the FortiWeb HA-Cluster, which changes the mode to Standalone. Re-enable the HA mode and reconfigure all the HA settings again in FortiWeb. Schedule downtime maintenance for the change request and take note of the existing configuration of both primary and secondary units, which can be taken from the GUI or CLI. During the changes, disconnect the network from the secondary unit so that the Virtual IP will not be conflicted when both units are in Standalone mode.

4. HA settings can be configured from both the GUI and the CLI. In case FortiWeb does not have a dedicated Management interface, users may log into the FortiWeb console CLI and update the HA settings via commands. The HA mode must change to Standalone and save the settings first. From Standalone mode, reconfigure the HA mode and HA variables based on previous settings with the new Group ID.

5. Reconnect the network connections for the secondary unit if they are disconnected due to the configuration changes. Check out the HA settings page again and make sure the HA cluster is in sync on both primary and secondary units.

Related document:

Configuring FortiWeb High Availability settings