So I am new at this (well was kinda forced into doing this) and after someone pulled the power plug on one of our 501E Fortigates (we have 2 HA) it had the warning to do a File System Check. So its came in today (Saturday) to do this. The Slave became the master. But what I want to know if when will you know when its done running a file system check? Also will it revert back to the original HA Master Slave setup before the check (will the original Master change back and take over). I am running 6.2.2 at the moment and was going to be updating as well if possible today. Any help, guidance would so greatly appreciated!
Thanks,
Donna
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
you can only see that if you are connected to the console interface, the check itself is done before you can access the OS to check via SSH.
when the message is gone you can assume it happened.
as for fallback or keep on the former slave depends on your settings.
default it won't fallback as it uses the uptime as one of the things to determine which firewall should be master. higher uptime is better so, the rebooted former master will be less interessting
if you can perform the command below (remove infortmation you dont want to share, i.e. secret, name, ...) it should be possible to tell which mode is used.
show system ha
as boneyard mentioned, it depends on your ha settings. If you want manual controll of which device is master, set ha override enabled. The device with the higher device priority will then always change back to master.
________________________________________________________
--- NSE 4 ---
________________________________________________________
If you kindly take an advice / best practice: configure both units to be equally priviledged, that is, prevent a fail-back after a failover. As both units are fully synchronized at all times, it doesn't matter at all which unit is master and which is slave. The advantage of treating them equally is that there won't be a second drop in sessions (at the very least IPsec sessions).
So:
[ul]
This whole situation IMHO is annoying. Nobody with even a basic understanding of firewalls would just pull the plug. Non-professionals should not be allowed physical access to this kind of network equipment - IT security begins with physical access control.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.