Hi community,
I have upgraded an active/standby cluster of two FortiGates, but the process is the opposite that what I thought. The cluster HA override setting is disabled, so the uptime takes precedence over the firewall priority. This is my initial setup:
FG-SPB01 - Priority 128 -> Primary
FG-SPB02 - Priority 129 -> Secondary
When I upgraded, the secondary firewall upgraded first and rebooted, and I saw the following (FG-SPB02 doesn't appear because it was rebooting):
So far it is OK. After that, when the primary firewall upgraded and rebooted, I saw the following (FG-SPB01 after rebooting and up):
So here, we see FG-SPB01 has higher uptime but it has the secondary role, while FG-SPB02 has lower uptime and it has taken the primary role. Is it OK? Shouldn't be the opposite? What am I missing?
Regards,
Julián
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello fjulianom,
Thank you for contacting Fortinet Forum
Please check the below document
If the Cluster age difference margin less than 5 minutes, then priority will take precedence.
Thanks
sasikumar.S
Hello fjulianom,
Thank you for contacting Fortinet Forum
Please check the below document
If the Cluster age difference margin less than 5 minutes, then priority will take precedence.
Thanks
sasikumar.S
Hi guys,
That explains the behaviour. That is not explained between in the certification guide. Thanks very much.
Regards,
Julián
If the priority is the same (no override) the unit with the highest S/N becomes (your case, comes back to) the primary if the uptime difference is less than 5 min as in the flow chart in the doc sasikumar referred to.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.