Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
IT_Admin
New Contributor

Fortigate 200f HA cluster issue

We had 2 firewalls in a cluster and one failed, FN dutifully replaced the faulty one, awesome, and when I tried to add the secondary one back, it caused a few issues.

I had to change the password, as no one had copied down the password, so I changed it, and mirrored the settings on both firewalls except the priority, the primary had a higher priority.

It appeared to have made a cluster with the secondary and primary, and still leaving the primary as a single firewall on a cluster.

It was not able to connect to the internet and our primary looked as though it had lost some of its config (I had a backup of the config I uploaded and it jumped back into life once I completed this)

 

Here is a copy of our config.

 

show config system ha
set group-name "Our cluster name"
set mode a-p
set password "Encrypted password here"
set hbdev "ha" 0
set session-pickup enable
set override disable
set priority 200
end

 

I give the primary this and all I change is the secondary priority to 150.

I had to upgrade the secondary firmware to the same as this one, so I used the management port, gave it a static IP, remoted in, upgraded firmware, then I tried to add it to the current cluster and this was where it failed. I did not have the thought process in place to make a copy of either firewall configs, during the issues, to see what was happening with them so I unfortunately do not have a copy to show here (Next time I will) Do I need to remove the cluster (I have changed it to standalone mode at the moment)

Is there any other glaring differences I should change?

1 REPLY 1
Muhammad_Haiqal

Hi @IT_Admin ,

This KB will be helpful for your to add the RMA unit back into production:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-add-a-new-FortiGate-unit-to-an-exis...

Please let me know if you need any help.

haiqal
Top Kudoed Authors