Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nbctcp
New Contributor III

Created on ‎12-16-2019 05:40 PM

Remove HA Cluster

SW INFO: -FortiOS 6.2.2 Eval License

 

I want to ask simple question.

How to remove HA cluster from CLI (I think can't do from GUI) beside factoryreset or revision restore

 

tq UPDATE1: -can be solved by make it Standalone

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
16647
0 Kudos
6 REPLIES 6
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-16-2019 08:18 PM

To get a proper answer you want, you need to explain how your HA setup looks like. Is it only two unit a-p or a-a setup? And want to break them and operate only one? Breaking HA is as simple as making one of them a standalone or even just disconnecting the heartbeat cable(s). But some consequences will follow because both of them would start acting as own master/standalone without considering the other side.

12526
0 Kudos
nbctcp
New Contributor III
In response to Toshi_Esumi

Created on ‎12-16-2019 08:24 PM

That interesting answer

My scenario are

1 Master and 1 Slave

mode a-p

 

STEPS TAKEN: 1. create FW1 as master

2. join FW2 as member of HA Cluster

3. now FW2 become slave

4. I disjoint FW2 form cluster

here I haven't make FW2 as standalone

5. change FW1 from master to standalone

 

QUESTIONS:

1. is that right procedure to remove cluster in a-p mode

2. what is the right procedure in a-a mode

3. 

even just disconnecting the heartbeat cable(s). But some consequences will follow because both of them would start acting as own master/standalone without considering the other side

 do you mean split brain, if just diconnecting HeartBeat?

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
12526
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to nbctcp

Created on ‎12-16-2019 09:14 PM

Yes, of course. Did you mean "isolating FW2 network-wise" by "disjoin FW2"? Then, you should be fine.

12526
0 Kudos
MOKADEM_a
New Contributor

Created on ‎02-11-2022 03:53 PM

1/ disable the HA interfaces of the primary fortigate
2/ change the ip address of one of the fortigates to make the difference
3/ change the HA mode to Standalone in both fortigates

11541
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎02-13-2022 03:51 AM

Before anybody tries a simple 'set ha-mode standalone' in a production environment, watch out! You need to isolate the slave unit from the network(s) first, either by shutting it down ('exec shut' in slave CLI), or by pulling all cables. Otherwise, you will have 2 routers/firewalls on the net with identical IP addresses and MAC addresses (a.k.a. 'split brain').

 

Explictely, disabling the/all HA interface(s) will lead to chaos if both units are still fully connected to the networks.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
11525
MOKADEM_a
New Contributor
In response to ede_pfau

Created on ‎02-13-2022 10:26 AM

Yes, you have reason.

11518
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.