HA Failing Over due to ping failure - link-monitor

rpratt · ‎05-17-2022

Hi hoping someone can help me understand how to correct this issue. Replacing some Cisco routers with Fortigate firewalls and have been testing the OS in a lab environment. I have a lot of redundancy setup and everything is almost working 100% except the primary FW keeps failing back to the secondary. If I shutdown the HB link it will switch back but the second it is enable again it fails over to the secondary. If I restart the devices this does not happen until I manually trigger my link-monitor to fail in which case it switches to the secondary but from that point on is stuck. See the screen shots below for the cause of this -

Not sure why the pingsvr_failure stays at 50 or if there is a way to reset it. It gets to 50 because I manually shutdown the link to test the failover - but from that point on it is always at 50 so it essentially gets stuck on the other FW no matter what until a power cycle.

Thanks for the help!

Ryan

rpratt · ‎05-17-2022

Nevermind... after much searching I've found the answer. If anyone else is trying to wrap their heads around this the FortiGates will stop listening to their link-monitors and hold where they are until the "pingserver-flip-timeout". By default this is 60 minutes - after this time it will reevaluate which should be the primary and begin monitoring as normal.

View solution in original post

rpratt · ‎05-17-2022

Nevermind... after much searching I've found the answer. If anyone else is trying to wrap their heads around this the FortiGates will stop listening to their link-monitors and hold where they are until the "pingserver-flip-timeout". By default this is 60 minutes - after this time it will reevaluate which should be the primary and begin monitoring as normal.

HA Failing Over due to ping failure - link-monitor

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website