Support Forum
WY

AWS Fortigate firewall cluster (A/P in different zones) did not failover

Hi Guys,

I accidentally discovered that the failover mechanism (A/P in different zones) of the AWS firewall cluster did not work during a scheduled change.

The FortiGate firewall cluster relies on the AWS API to maintain the HA status.

When I switched off the master firewall, the slave firewall did not take over.

I got the error message below when debugging the HA event:

"awsd failed to get instance id/awsd failed to get metadata"

Any ideas?

Many thanks.
Regards,
Wentao

vvarangoulis
Staff

Hello Wentao,

The message "awsd failed to get instance id/awsd failed to get metadata" usually appears if there is an issue with the management port and/or the elastic IP on that management port. Also, having the latest firmware usually helps with FortiGate cloud deployments. Please have a look at the documentation below.

If everything is as per documentation, it would be better to open a ticket with the TAC.

Fortinet Documentation - Deploying FortiGate-VM active-passive HA AWS between multiple zones
https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/aws-administration-guide/229470/depl...

Please mark the posts as solved if you have no further queries.
--VV--
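As an added example (not from this thread or from Fortinet), a small offline pre-check for the two conditions the reply points at: each cluster member's management ENI must carry an Elastic IP, and the members should sit in different availability zones. It consumes DescribeInstances/DescribeAddresses data in the shape boto3 returns; the device index of the management port and the sample data are assumptions.

```python
# Added example: offline pre-check for FortiGate A/P HA prerequisites on AWS.
# Input is DescribeInstances / DescribeAddresses data as boto3 returns it
# (live use: ec2.describe_instances(), ec2.describe_addresses()).

MGMT_DEVICE_INDEX = 0  # assumption: port1 (device index 0) is the HA management port

def mgmt_eni(instance, device_index=MGMT_DEVICE_INDEX):
    """Return the ENI attached at the management device index, or None."""
    for eni in instance.get("NetworkInterfaces", []):
        if eni.get("Attachment", {}).get("DeviceIndex") == device_index:
            return eni
    return None

def check_cluster(describe_instances, describe_addresses):
    """Return {instance_id: [problem, ...]}; an empty list means no finding."""
    eip_enis = {a["NetworkInterfaceId"] for a in describe_addresses.get("Addresses", [])
                if "NetworkInterfaceId" in a}
    findings, zones = {}, {}
    for res in describe_instances.get("Reservations", []):
        for inst in res.get("Instances", []):
            iid, issues = inst["InstanceId"], []
            zones[iid] = inst.get("Placement", {}).get("AvailabilityZone")
            if inst.get("State", {}).get("Name") != "running":
                issues.append("instance is not running")
            eni = mgmt_eni(inst)
            if eni is None:
                issues.append(f"no ENI at device index {MGMT_DEVICE_INDEX}")
            elif eni["NetworkInterfaceId"] not in eip_enis:
                issues.append(f"management ENI {eni['NetworkInterfaceId']} has no Elastic IP")
            findings[iid] = issues
    # A/P across zones only helps if the members are actually in different AZs.
    if len(set(zones.values())) < len(zones):
        for iid in findings:
            findings[iid].append("cluster members share an availability zone")
    return findings

# Constructed sample: member A is correct, member B's management ENI lacks an EIP.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-aaaa", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-1a"},
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-a1", "Attachment": {"DeviceIndex": 0}}]},
    {"InstanceId": "i-bbbb", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-1b"},
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-b1", "Attachment": {"DeviceIndex": 0}}]},
]}]}
SAMPLE_ADDRESSES = {"Addresses": [{"PublicIp": "203.0.113.10", "NetworkInterfaceId": "eni-a1"}]}

if __name__ == "__main__":
    for iid, issues in check_cluster(SAMPLE_INSTANCES, SAMPLE_ADDRESSES).items():
        print(iid, "OK" if not issues else "; ".join(issues))
```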
WY

Hi VV,

Thanks for the documentation; I will have a read.

Regards,

Wentao