rayg00n
New Contributor

FortiGate HA-Cluster (becoming a Master after rebooting)

Hi all!

I have a simple question about HA-cluster settings.

We have 2 Fortigate 92D in active-passive mode (Master=№1, Slave=№2)

The FortiOS version is v6.0.11 build0387 (GA) on both devices.

Recently, I have found that my Fortigate 92D №1 didn't become a Master after rebooting or restoring connections.

I had to return the Master role to the first Fortigate 92D manually.

As I understand it, by default, elections inside the HA cluster are launched every 5 minutes.

Is there something wrong with my configuration?

 

This is the Master (№1) config:

 

config system ha
    set group-id 10
    set group-name "HAGroup1"
    set mode a-p
    set password ENC *****************************
    set hbdev "internal13" 50 "internal14" 50
    set session-pickup enable
    set override disable
    set priority 150
end

 

The Slave (№2) config:

 

config system ha
    set group-id 10
    set group-name "HAGroup1"
    set mode a-p
    set password ENC *************************
    set hbdev "internal13" 50 "internal14" 50
    set session-pickup enable
    set override disable
    set priority 50
end

Toshi_Esumi
Esteemed Contributor III

No. Election happens whenever some conditions change. Without override, the predominant deciding factor is uptime if monitored interfaces are all up on both units. The unit that has the longest uptime becomes the master. However, if the difference of uptime is 5 min or less, they would look for the next factor: serial numbers. The unit with the highest serial number takes the master role. I think that's your case.

rayg00n

Thanks for the answer!

Should I set up "set override enable" on both sides to change the situation?

I want to see Fortigate №1 as Master every time it appears in the HA-cluster.

Toshi_Esumi
Esteemed Contributor III

If you have to, you need to use override. But in most cases it's not recommended, even in FTNT documentation, because if a problem happens on the master and they swapped over at that time, it has to swap back when the problem is resolved on the master. It would cause two outages instead of one.

rayg00n

toshiesumi wrote:

If you have to, you need to use override. But in most cases it's not recommended, even in FTNT documentation, because if a problem happens on the master and they swapped over at that time, it has to swap back when the problem is resolved on the master. It would cause two outages instead of one.

Well, would the best solution be "set override enable" only on the Master Fortigate to avoid the problem?

Toshi_Esumi
Esteemed Contributor III

Override won't work if only one has the config even if it's allowed. But that's not the point override is not recommended. There is no particular good reason one of them needs to be the master when it can. They're exactly the same units, including licenses, hardware revisions, etc. It shouldn't matter which one is elected.

rayg00n

It makes sense.

Thanks for the piece of advice.

The problem is solved.
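
Added example, not part of the original thread and not Fortinet code: a small Python model of the two-unit primary election discussed above, showing why a freshly rebooted unit with the higher priority does not take the Master role back unless override is enabled. It assumes the election order Fortinet documents (connected monitored interfaces, then age outside the 5-minute margin, then priority, then serial number, with `override enable` moving priority ahead of age); unit names and serial numbers are constructed.

```python
from dataclasses import dataclass

UPTIME_DIFF_MARGIN = 300  # seconds: the 5-minute window described in the thread


@dataclass
class Unit:
    name: str          # hypothetical label
    serial: str        # constructed sample serial number
    priority: int      # "set priority" value
    age: int           # seconds of cluster uptime
    monitored_up: int  # monitored interfaces with link up


def elect(a: Unit, b: Unit, override: bool) -> Unit:
    """Pick the primary of a two-unit cluster (assumed election order)."""
    if a.monitored_up != b.monitored_up:
        return a if a.monitored_up > b.monitored_up else b

    def by_age():
        # Age only counts when the gap exceeds the margin.
        if abs(a.age - b.age) > UPTIME_DIFF_MARGIN:
            return a if a.age > b.age else b
        return None

    def by_priority():
        if a.priority != b.priority:
            return a if a.priority > b.priority else b
        return None

    # Override moves priority ahead of age.
    for step in ((by_priority, by_age) if override else (by_age, by_priority)):
        winner = step()
        if winner is not None:
            return winner
    return a if a.serial > b.serial else b  # last tie-breaker: highest serial


if __name__ == "__main__":
    # Constructed scenario: unit 1 (priority 150) has just rebooted,
    # unit 2 (priority 50) has been up for a day.
    fgt1 = Unit("FGT-1", "SERIAL-0001", 150, 60, 0)
    fgt2 = Unit("FGT-2", "SERIAL-0002", 50, 86400, 0)
    print("override disable ->", elect(fgt1, fgt2, False).name)
    print("override enable  ->", elect(fgt1, fgt2, True).name)
```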
