Hi everybody.
I'm setting up a new Fortigate HA cluster (300D) and i have a strange issue. Each time i have to reboot a node of the cluster, he came back as a standalone Fortigate.
Any idea how i can resolve that ? This is pretty annoying.
Here is the HA configuration.
config system ha
set group-name "Toto"
set mode a-p
set password ENC toto
set hbdev "mgmt1" 50 "mgmt2" 50
set session-pickup enable
set ha-mgmt-status enable
set ha-mgmt-interface "Management" <= this is actually a vlan interface
set ha-mgmt-interface-gateway x.x.x
set override disable
end
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Can you try to unset this
set ha-mgmt-interface "Management" <= this is actually a vlan interface
and dont use vlan interface just a physical
Hi,
There is some bug with HA in 5.4 soft - HA config is wiped after reload. Obviously, still not resolved yet. I recommend you to use 5.2, til there are not resolved such stupid bugs.
volkovski
Just before the reboots you perform should be enough.
However, doing a backup each time you do a change would prevent you from losing the changes performed in case of an unexpected reboot/power issue.
"Fortunately", in 5.4, you can manually backup the configuration directly to the USB, if it's already plugged in the FGT.
These type of bugs really should not end up in released software versions to be honest.
I don't reproduce it on my units so far... Gotta check with a 300D when I can find one :)
The workaround with reloading the config from USB stick is IMHO not really feasable in practice. You have of course to enable reloading from USB in the config. IIRC it then adds another reboot after loading the config - shouldn't that lead to a reboot cycle if the FGT forgets the HA config on reboot?
Same advice as @Mike, drop v5.4.1 for the moment, the 300D doesn't depend on it like the new E series, and hopefully you don't need any of it's new features. I'd be really surprised if v5.2 had the same bug.
After all, this is about getting it to work.
I agree with dropping the 5.4.1, however the downgrades (especially between 2 majors versions) can sometimes be tough and quite hazardous in my experience.
As an addition, I just did the test, and there is no reboot loop so far (of course, the usb stick was kept plugged!). It was the case in the old versions, but it doensn't seem to be the case anymore.
As an addition the auto-install-config is enabled by default.
My environment has 300D's in HA (active passive) and this issue does not occur. Seems to be hit or miss on who it causes problems for.
Mike Pruett
Hi Can you try to unset this
set ha-mgmt-interface "Management" <= this is actually a vlan interface
and dont use vlan interface just a physical
Ok
I removed the management interface in the cluster HA configuration then i rebooted the cluster => HA still ON.
I don't really have spare interface to use as management on this 300D so i'll just connect through the LAN interface.
I'll only allow the management network to connect to the Fortigate instead, that should do the tricks.
Thanks for the tips !
note to self: the solution was the very first reply to this post.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1557 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.