Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Fortigate Firewall M-S Cluster Failover

Hi All, 


Can anyone share good and easy document for Firmware upgradation step for master-slave firewall cluster.


Would also like to clear a confusion related to priority/failover and reboot of unit. 


We have active-passive cluster , Master unit priority is 120 and Slave priority is 119. In coming days we have a plan for Failover testing of these units. So, What is the recommended steps for failover and fallback.


As I know we can do it by reducing the Priority of Master , In our case we can reduce Master priority to 118 so that Slave unit (119) can takes over and become Master ,  and for fallback Increase the the priority of currently slave (Which was master earlier) from 118 priority to 120.


Will changing the priority of Master ... instantly trigger failover  OR devices need reboot to make the changes effective.


What is the CLI command to reboot the Slave unit ..










To me, newer version of Cookbooks are still not good enough to provide the key info like primary election flow, etc. So still come back to 6.0 Handbook HA section:


I'm not sure if changing priority value for override would trigger an election process immediately because we never used priority/override since it would cause one more outage when the cause of the original outage was resolved (switch back). But I would assume it would trigger it immediately. 

However, it would not be a good way to test HA because a priority change wouldn't happen in real fail-over situations. And the switch-back I mentioned wouldn't happen if you change the priorities.


Either the primary unit fails, or an interface/a path to destinations fails for the primary unit in reality. You should simulate those real case scenarios against how you configured HA.


Upgrading the firmware on an HA cluster is as easy as upgrading the firmware on a single unit.  You simply upgrade the firmware on the primary unit as you normally would and it takes care of upgrading the secondary unit automatically, failing over between the units automatically as each one is rebooted in turn so you have virtually no downtime:


This is the process we've always followed with our customers' A/P HA clusters and we've found it to work well.  The only thing different really vs. a single unit firmware upgrade is that it does take a little longer because both units are upgraded and rebooted in sequence, and if you're following a multi-step upgrade path you do have to wait for the cluster to re-form before doing the next firmware upgrade.


Tip: run "diag debug config-error-log read" after every firmware upgrade as a safety check to see if any part of your configuration has been dropped by the new firmware.




New Contributor III

For failover you can follow the next steps: Be sure to be connected to a Lan which is directly connected to the management network and you open ssh connections to both fw. 1. Run 'Execute reboot' on FW2 to reload the FW. 2. Once fw has rebooted, On FW1 run 'diagnose sys ha reset-uptime' (This will failover the traffic to slave FW2 and slave becomes master). 3. Run 'Execute reboot' on FW1 to reload the FW. 4. On FW2 run 'diagnose sys ha reset-uptime' (This will failover the traffic to slave FW1. FW1 retains the previous role of Master). I hope that it helps. my full hereto here https://community.spicewo...rewall-in-a-ha-cluster

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors