We had 2 firewalls in a cluster and one failed. FN dutifully replaced the faulty one, awesome, but when I tried to add the secondary one back, it caused a few issues.
I had to change the password, as no one had copied down the password, so I changed it, and mirrored the settings on both firewalls except the priority; the primary had a higher priority.
It appeared to have made a cluster with the secondary and primary, while still leaving the primary as a single firewall on a cluster.
It was not able to connect to the internet and our primary looked as though it had lost some of its config (I had a backup of the config, which I uploaded, and it jumped back into life once I completed this).
Here is a copy of our config.
show config system ha
set group-name "Our cluster name"
set mode a-p
set password "Encrypted password here"
set hbdev "ha" 0
set session-pickup enable
set override disable
set priority 200
end
I give the primary this and all I change is the secondary priority to 150.
I had to upgrade the secondary firmware to the same as this one, so I used the management port, gave it a static IP, remoted in and upgraded the firmware. Then I tried to add it to the current cluster, and this was where it failed. I did not have the thought process in place to make a copy of either firewall's config during the issues to see what was happening with them, so I unfortunately do not have a copy to show here (next time I will). Do I need to remove the cluster? (I have changed it to standalone mode at the moment.)
Are there any other glaring differences I should change?
Created on ‎08-24-2022 01:03 AM
Hi @IT_Admin ,
This KB will be helpful for you to add the RMA unit back into production:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-add-a-new-FortiGate-unit-to-an-exis...
Please let me know if you need any help.
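An added example, not part of the thread or of Fortinet's tooling: a pre-join check that parses two saved HA config blocks and lists every setting that differs apart from the priority. The primary block is the one posted above; the secondary block is constructed, and the rules for `priority` and `password` are assumptions of this example.

```python
import re

# Primary block as posted in the thread.
PRIMARY = '''show config system ha
set group-name "Our cluster name"
set mode a-p
set password "Encrypted password here"
set hbdev "ha" 0
set session-pickup enable
set override disable
set priority 200
end'''

# Constructed secondary: priority 150 as described, plus one accidental mismatch.
SECONDARY = PRIMARY.replace("priority 200", "priority 150").replace(
    "session-pickup enable", "session-pickup disable")

# Assumption: the password is skipped because the thread shows it only as an
# encrypted placeholder, so its text cannot be compared meaningfully.
NOT_COMPARABLE = {"password"}


def parse_ha(text):
    """Return {key: value} for every 'set <key> <value>' line in the block."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s+(.*\S)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def compare_ha(primary_text, secondary_text):
    """List (key, primary_value, secondary_value) for unexpected differences."""
    a, b = parse_ha(primary_text), parse_ha(secondary_text)
    findings = []
    for key in sorted(set(a) | set(b)):
        if key in NOT_COMPARABLE:
            continue
        va, vb = a.get(key), b.get(key)
        if key == "priority":
            # Assumption from the post: the primary keeps the higher priority.
            if not (va and vb and int(va) > int(vb)):
                findings.append((key, va, vb))
        elif va != vb:
            findings.append((key, va, vb))
    return findings


if __name__ == "__main__":
    for key, va, vb in compare_ha(PRIMARY, SECONDARY):
        print(f"{key}: primary={va!r} secondary={vb!r}")
```

Saving both units' blocks to files before the join and running this over them also leaves the config copies the post says were missing.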