Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fjulianom
New Contributor III

HA override and cluster upgrade

Hi community,

 

I have upgraded an active/standby cluster of two FortiGates, but the process is the opposite that what I thought. The cluster HA override setting is disabled, so the uptime takes precedence over the firewall priority. This is my initial setup:

 

FG-SPB01 - Priority 128 -> Primary

FG-SPB02 - Priority 129 -> Secondary

 

When I upgraded, the secondary firewall upgraded first and rebooted, and I saw the following (FG-SPB02 doesn't appear because it was rebooting):

ha1.jpg

 

So far it is OK. After that, when the primary firewall upgraded and rebooted, I saw the following (FG-SPB01 after rebooting and up):

ha2.jpg

 

So here, we see FG-SPB01 has higher uptime but it has the secondary role, while FG-SPB02 has lower uptime and it has taken the primary role. Is it OK? Shouldn't be the opposite? What am I missing?

 

Regards,

Julián

1 Solution
subramanis
Staff
Staff

Hello fjulianom,

Thank you for contacting Fortinet Forum

Please check the below document

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...

If the Cluster age difference margin less than 5 minutes, then priority will take precedence.

 

Thanks

sasikumar.S

 

View solution in original post

3 REPLIES 3
subramanis
Staff
Staff

Hello fjulianom,

Thank you for contacting Fortinet Forum

Please check the below document

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...

If the Cluster age difference margin less than 5 minutes, then priority will take precedence.

 

Thanks

sasikumar.S

 

fjulianom
New Contributor III

Hi guys,

 

That explains the behaviour. That is not explained between in the certification guide. Thanks very much.

 

Regards,

Julián

Toshi_Esumi
Esteemed Contributor III

If the priority is the same (no override) the unit with the highest S/N becomes (your case, comes back to) the primary if the uptime difference is less than 5 min as in the flow chart in the doc sasikumar referred to.

 

Toshi

Labels
Top Kudoed Authors