Fortinet Forum
Dubos
New Contributor III

HA active-passive but I can't watch a "slave"

Hi, everybody. It seems that I have successfully enabled synchronization of the cluster that was working offline before me, and all the settings were duplicated manually. But when it worked and I see that they are both in a cluster from the main server interface, the backup server page became unavailable to me. I just didn't find confirmation that this is how it should be, and in general I recently started working with it. Is this normal?

With respect,

Daniil Dubosarskij

ГАУ РК «ЦИТ»

2 Solutions
Toshi_Esumi
Esteemed Contributor

Since a-p HA have the same config between them (almost) and stand-by is stand-by doing nothing other than syncing config and, optionally sessions, with the master so no need to keep watching at, when you get in with one of those interface IPs, you can see only the master. But under System->HA, you can see interface status, etc. of all units in the cluster.

Unless it goes out-of-sync, you don't need to check anything on the stand-by(s). Then when you need it due to sync problems, almost all you need to do on the stand-by is some diag commands in CLI, which you can get to via its console. But if you have to remotely get in and you don't have a terminal server, you can configure an interface under "set ha-mgmt-interfaces" in "config sys ha" section, then you can have a unique IP on each unit in a subnet so that you can reach it individually either with GUI or CLI over SSH.


ede_pfau
Esteemed Contributor III

Additionally, you can always start a telnet session from the master CLI to the slave by issuing

"exec ha manage <0|1>"

where 0 or 1 is the cluster member index of the passive unit. You get it via

"get sys ha stat"

The connection is established using the HA interface(s) directly.

This way, you can change the slave's HA config quickly, with no other tools but the WebGUI of the cluster/master.


Ede

"Kernel panic: Aiee, killing interrupt handler!"


Toshi_Esumi
Esteemed Contributor

FYI: From 6.2.x "exe ha manage n" command requires "username" at the end.