Solution
To format the log disk on a FortiWeb appliance without breaking High Availability (HA), follow these steps carefully to ensure that the FortiWeb appliances continue to function correctly in HA mode:
- Check the HA Configuration.
Before proceeding, verify the current HA state of the problematic node by running the following command:
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_primary=1.
LocalSN: FVVM08TM22000174 PrimarySN: FVVM08TM22000174
FVVM08TM22000174: Primary, 5, 0, 282052, 579, FortiWeb
FVVM08TM22000171: Secondary, 6, 0, 315811, 34327, dc01-waf-prod-01
- Switch HA Role (if the problematic node is primary):
- If the override is enabled, the primary unit is chosen based on the following rule: Available ports number (Monitor) -> Priority -> Uptime -> SN (Serial Number).
- Increasing the priority value of the problematic Primary (a lower number means higher priority) lets the current Secondary take over as the Primary. The failover is triggered once the Secondary has a higher priority (numerically lower value) than the problematic Primary node.
config system ha
  set mode active-passive
  set group-id 20
  set group-name WAF-PROB-CLOUD
  set priority 5
  set override enable
  set network-type udp-tunnel
  set tunnel-local 10.134.4.107
  set tunnel-peer 10.134.3.107
  set monitor port1 port3
  set ha-mgmt-status enable
  set ha-mgmt-interface port2
  set l7-persistence-sync enable
end
FortiWeb # config system ha
FortiWeb (ha) # set priority 7
FortiWeb (ha) # end
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_primary=1.
LocalSN: FVVM08TM22000171 PrimarySN: FVVM08TM22000171
FVVM08TM22000171: Primary, 6, 0, 316445, 34327, dc01-waf-prod-01
FVVM08TM22000174: Secondary, 7, 0, 282684, 579, FortiWeb
- If the override is disabled, the primary unit will be elected based on the following rule: Available ports number (Monitor) -> Uptime -> Priority -> SN (Serial Number).
- When the problematic Primary unit is rebooted with the override disabled, it will trigger a failover. After the reboot, the previous Secondary unit will take over as the new Primary and remain as Primary, as its uptime will be higher, and the rebooted node will have lower uptime. This is because uptime takes precedence over priority when the override is disabled.
config system ha
set override disable
end
After the reboot:
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_primary=1.
LocalSN: FVVM08TM22000174 PrimarySN: FVVM08TM22000174
FVVM08TM22000174: Primary, 7, 0, 287445, 287004, FortiWeb
FVVM08TM22000171: Secondary, 6, 0, 467, 26, dc01-waf-prod-01
Note: For more information on HA heartbeat and active node election, see this document
- Format the Log Disk on the problematic node. Once the failover is complete and the problematic node is no longer the active Primary, access the problematic node and format the log disk by issuing the following command:
execute formatlogdisk
Note: This operation formats the whole log disk /var/log, so all logs and databases that various modules store on this disk will be cleared.
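The two election orders described above, together with a pre-flight check to run before `execute formatlogdisk`, as an added Python example that is not part of the original article or of FortiWeb itself. It assumes the fourth column of each member line is uptime, that both monitored ports are up on each node, and that serial numbers tie-break in ascending order (the article does not state the direction); `elect_primary` and `safe_to_format` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    sn: str
    ports_up: int  # monitored ports currently available
    priority: int  # lower number = higher priority
    uptime: int    # seconds since boot

def elect_primary(nodes, override):
    """Apply the article's election order and return the winning Node."""
    def key(n):
        # More ports wins, lower priority number wins, longer uptime wins.
        # SN direction is not stated in the article; ascending is assumed.
        if override:
            return (-n.ports_up, n.priority, -n.uptime, n.sn)
        return (-n.ports_up, -n.uptime, n.priority, n.sn)
    return min(nodes, key=key)

MEMBER = re.compile(r"(\w+):\s*(Primary|Secondary),")

def safe_to_format(status_text):
    """True only when the node that printed this status is the Secondary."""
    local = re.search(r"LocalSN:\s*(\w+)", status_text)
    primary = re.search(r"PrimarySN:\s*(\w+)", status_text)
    roles = dict(MEMBER.findall(status_text))
    if not local or not primary or local.group(1) not in roles:
        return False  # unparseable output: fail closed
    return (local.group(1) != primary.group(1)
            and roles[local.group(1)] == "Secondary")

# Values from the article's outputs; column 4 read as uptime (assumed),
# and 2 monitored ports up on each node (assumed).
A, B = "FVVM08TM22000174", "FVVM08TM22000171"
before = [Node(A, 2, 5, 282052), Node(B, 2, 6, 315811)]
raised = [Node(A, 2, 7, 282684), Node(B, 2, 6, 316445)]
rebooted = [Node(A, 2, 7, 287445), Node(B, 2, 6, 467)]

# Constructed sample: status as the demoted node would report it.
ON_SECONDARY = ("LocalSN: " + A + " PrimarySN: " + B + " "
                + B + ": Primary, 6, 0, 316445, 34327, dc01-waf-prod-01 "
                + A + ": Secondary, 7, 0, 282684, 579, FortiWeb")

if __name__ == "__main__":
    print(elect_primary(before, True).sn)     # override on, priority 5 vs 6
    print(elect_primary(raised, True).sn)     # override on, priority 7 vs 6
    print(elect_primary(rebooted, False).sn)  # override off, uptime decides
    print(safe_to_format(ON_SECONDARY))
```

With override enabled, the same post-reboot values elect the freshly rebooted node again because priority outranks uptime, so the override setting should be confirmed before rebooting.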