i have a pair of FG300D, recently we noticed that the master is having alot of error message.
my fortiOS is version 5.4.4
how do i force/swap the HA failover ?
so that the slave will now act as the mater
what is the cli command
i try diagnose sys ha reset-uptime have no effect.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
it depends which option you have: 'override disabled' or 'override enabled'. You can check it here:
show system ha
With 'override disabled' (default mode) the order is:
1) number of monitored interfaces
2) HA uptime (the difference between peers must be higher than 5 minute to use this one, below 5 minutes is treated as the same value)
3) priority
4) serial number
With 'override enabled' :
1) number of monitored interfaces
2) priority
3) HA uptime (the difference between peers must be higher than 5 minute to use this one, below 5 minutes is treated as the same value)
4) serial number
With the 1st option to trigger failover you reset the HA uptime (on the active one) and with the 2nd you must change priority (higher value is preferred).
You should stay with default settings (override disabled). It's more stable version and requires less planning. You may prefer 'override enabled' with virtual-clustering in active-passive mode.
my show sys ha is below
override is disable.
IER2_FW01 # show system ha config system ha set group-name "GV-TIER2-FW-HA" set mode a-p set hbdev "mgmt1" 50 "mgmt2" 50 set session-pickup enable set override disable set monitor "port1" "port2" "port3" end
i have set priority for slave to be 200 instead of default of 128 but nothing changed.
master is still the one with issue.
do i need to restart the FW??
Just pull the cable on port1 (or port2, port3) on the master unit, it's monitored. Cluster will fail over then.
A failover needs an event to happen, changing the config is not sufficient.
Resetting HA uptime should trigger the failover. It can be a bug I didn't find anything for this version
will try by unplug the cables.
in the mean time. i am also getting this error.
Message meets Alert condition
The following critical firewall event was detected: Heartbeat device interface down.
date=2019-06-13 time=09:40:44 devname=GV_TIER2_FW02 devid=FGT3HD3916807905 logid=0108037901 type=event subtype=ha level=critical vd=root logdesc="Heartbeat device interface down" msg="Heartbeat device(interface) down" ha_role=slave hbdn_reason="neighbor-info-lost" devintfname="mgmt1"
Can you check the status of the heartbeat link? The failover can't be triggered because from primary perspective there is no available standby. Not sure what is the status of the secondary, without heartbeat you may see split-brain, when both claim "I'm primary now". Do you have more heartbeat links or only the one which doesn't work?
You should definitively have 2 HA links. Always.
Just check the HA cluster status. Only if it is OK you can initiate a failover.
on my dashboard, both master/slave is looking okay.
but under systtem events, i am getting alot of errors.
Message meets Alert condition The following critical firewall event was detected: Virtual cluster member dead. date=2019-06-17 time=09:30:39 devname=GV_TIER2_FW02 devid=FGT3HD3916807905 logid=0108037893 type=event subtype=ha level=critical vd=root logdesc="Virtual cluster member dead" msg="Virtual cluster detected member dead" vcluster=1 ha_group=0 sn="FGT3HDMASTER" Message meets Alert condition The following critical firewall event was detected: Heartbeat device interface down. date=2019-06-17 time=09:30:39 devname=GV_TIER2_FW02 devid=FGTSLAVE logid=0108037901 type=event subtype=ha level=critical vd=root logdesc="Heartbeat device interface down" msg="Heartbeat device(interface) down" ha_role=slave hbdn_reason="neighbor-info-lost" devintfname="mgmt2"
Message meets Alert condition The following critical firewall event was detected: Virtual cluster member joined. date=2019-06-17 time=09:26:42 devname=GV_TIER2_FW02 devid=FGT3HD395 logid=0108037894 type=event subtype=ha level=critical vd=root logdesc="Virtual cluster member joined" msg="Virtual cluster detected member join" vcluster=1 ha_group=0 sn="FGT3HD8573" Message meets Alert condition The following critical firewall event was detected: Virtual cluster member dead. date=2019-06-17 time=09:26:42 devname=GV_TIER2_FW02 devid=FGT3HD395 logid=0108037893 type=event subtype=ha level=critical vd=root logdesc="Virtual cluster member dead" msg="Virtual cluster detected member dead" vcluster=1 ha_group=0 sn="FGT3HD39163"
i have open a ticket with fortinet and was told to perform HQIP test to confirm hardware issue before doin RMA.
so i need to unplug cables from master so that it will failover to the slave unit
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.