[HA Issue][v5.4.1] Going back to standalone after a reboot.

AlexandreL · ‎09-05-2016

Hi everybody.

I'm setting up a new Fortigate HA cluster (300D) and i have a strange issue. Each time i have to reboot a node of the cluster, he came back as a standalone Fortigate.

Any idea how i can resolve that ? This is pretty annoying.

Here is the HA configuration.

config system ha
set group-name "Toto"
set mode a-p
set password ENC toto
set hbdev "mgmt1" 50 "mgmt2" 50 
set session-pickup enable
set ha-mgmt-status enable
set ha-mgmt-interface "Management" <= this is actually a vlan interface
set ha-mgmt-interface-gateway x.x.x
set override disable
end

pyy · ‎09-07-2016

Hi Can you try to unset this

set ha-mgmt-interface "Management" <= this is actually a vlan interface

and dont use vlan interface just a physical

View solution in original post

volkovski · ‎09-07-2016

Hi,

There is some bug with HA in 5.4 soft - HA config is wiped after reload. Obviously, still not resolved yet. I recommend you to use 5.2, til there are not resolved such stupid bugs.

volkovski

michaelbazy_FTNT · ‎09-07-2016

Just before the reboots you perform should be enough.

However, doing a backup each time you do a change would prevent you from losing the changes performed in case of an unexpected reboot/power issue.

"Fortunately", in 5.4, you can manually backup the configuration directly to the USB, if it's already plugged in the FGT.

I'm operating by "Crocker's Rules"

MrSinners · ‎09-07-2016

These type of bugs really should not end up in released software versions to be honest.

michaelbazy_FTNT · ‎09-07-2016

I don't reproduce it on my units so far... Gotta check with a 300D when I can find one :)

I'm operating by "Crocker's Rules"

ede_pfau · ‎09-07-2016

The workaround with reloading the config from USB stick is IMHO not really feasable in practice. You have of course to enable reloading from USB in the config. IIRC it then adds another reboot after loading the config - shouldn't that lead to a reboot cycle if the FGT forgets the HA config on reboot?

Same advice as @Mike, drop v5.4.1 for the moment, the 300D doesn't depend on it like the new E series, and hopefully you don't need any of it's new features. I'd be really surprised if v5.2 had the same bug.

After all, this is about getting it to work.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

michaelbazy_FTNT · ‎09-07-2016

I agree with dropping the 5.4.1, however the downgrades (especially between 2 majors versions) can sometimes be tough and quite hazardous in my experience.

As an addition, I just did the test, and there is no reboot loop so far (of course, the usb stick was kept plugged!). It was the case in the old versions, but it doensn't seem to be the case anymore.

As an addition the auto-install-config is enabled by default.

I'm operating by "Crocker's Rules"

MikePruett · ‎09-07-2016

My environment has 300D's in HA (active passive) and this issue does not occur. Seems to be hit or miss on who it causes problems for.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

pyy · ‎09-07-2016

Hi Can you try to unset this

set ha-mgmt-interface "Management" <= this is actually a vlan interface

and dont use vlan interface just a physical

AlexandreL · ‎09-08-2016

Ok

I removed the management interface in the cluster HA configuration then i rebooted the cluster => HA still ON.

I don't really have spare interface to use as management on this 300D so i'll just connect through the LAN interface.

I'll only allow the management network to connect to the Fortigate instead, that should do the tricks.

Thanks for the tips !

ede_pfau · ‎09-09-2016

note to self: the solution was the very first reply to this post.

Ede

"Kernel panic: Aiee, killing interrupt handler!"