Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fjulianom
New Contributor III

Created on ‎03-20-2023 08:04 AM

HA override and cluster upgrade

Hi community,

 

I have upgraded an active/standby cluster of two FortiGates, but the process is the opposite that what I thought. The cluster HA override setting is disabled, so the uptime takes precedence over the firewall priority. This is my initial setup:

 

FG-SPB01 - Priority 128 -> Primary

FG-SPB02 - Priority 129 -> Secondary

 

When I upgraded, the secondary firewall upgraded first and rebooted, and I saw the following (FG-SPB02 doesn't appear because it was rebooting):

ha1.jpg

 

So far it is OK. After that, when the primary firewall upgraded and rebooted, I saw the following (FG-SPB01 after rebooting and up):

ha2.jpg

 

So here, we see FG-SPB01 has higher uptime but it has the secondary role, while FG-SPB02 has lower uptime and it has taken the primary role. Is it OK? Shouldn't be the opposite? What am I missing?

 

Regards,

Julián

Labels:
2454
0 Kudos
1 Solution
subramanis
Staff
Staff

Created on ‎03-20-2023 08:22 AM

Hello fjulianom,

Thank you for contacting Fortinet Forum

Please check the below document

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...

If the Cluster age difference margin less than 5 minutes, then priority will take precedence.

 

Thanks

sasikumar.S

 

View solution in original post

2448
3 REPLIES 3
subramanis
Staff
Staff

Created on ‎03-20-2023 08:22 AM

Hello fjulianom,

Thank you for contacting Fortinet Forum

Please check the below document

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...

If the Cluster age difference margin less than 5 minutes, then priority will take precedence.

 

Thanks

sasikumar.S

 

2449
fjulianom
New Contributor III
In response to subramanis

Created on ‎03-22-2023 03:31 AM

Hi guys,

 

That explains the behaviour. That is not explained between in the certification guide. Thanks very much.

 

Regards,

Julián

2396
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-20-2023 08:30 AM

If the priority is the same (no override) the unit with the highest S/N becomes (your case, comes back to) the primary if the uptime difference is less than 5 min as in the flow chart in the doc sasikumar referred to.

 

Toshi

2445
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.