FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff
Article Id 192218
Description
This article explains how to disconnect a unit from a cluster without disrupting the operation of the cluster.

Solution
1) Use the following procedure for versions V5.2 & V5.4:

- Log to the master unit.
- Go to system HA, the list of units in the cluster will be displayed.  Any unit can be disconnected.
- Select the unit to disconnect, and use the disconnect button: 

edgar_iconDisc.png
- Select the interface to be configured.
- Configure the IP address and netmask.
   After the unit is disconnected the HA mode is changed to standalone, all interface IP address of the unit are set to 0.0.0.0 except the interface that is configured and it will have all management access options enable.
- Select 'OK'. The cluster responds as if the disconnected unit has failed.
edgar_cluster member.png
Use the following command to do this from the CLI:

    #execute ha disconnect FGT90D3Zxxxxxxxx internal 192.168.1.99 255.255.255.0

This command will disconnect the FortiGate with the serial number FGT90D3Zxxxxxxxx, it is going to set up the internal interface with the IP  192.168.1.99 and netmask 255.255.255.0


2) Use the following procedure for versions V5.6 to V6.2:

- Log to the master unit.

- Go to system HA, the list of units in the cluster will be displayed.
- Select the unit to disconnect, and Click on the button: 


- Once done, select
the interface to be configured on the pop-up window.
- Configure the IP address and netmask. 
  After the unit is disconnected the HA mode is changed to standalone, all interface IP address of the unit are set to 0.0.0.0 except the interface that is configured and it will have all management   acess options enable.
- Select 'OK'. The cluster responds as if the disconnected unit has failed.


Use the following command to do this from the CLI:
#execute ha disconnect FGT800Dxxxxxxxx internal 192.168.1.2 255.255.255.0
This command will disconnect the FortiGate with the serial number FGT800Dxxxxxxxx, it is going to set up the internal interface with the IP  192.168.1.2 and netmask 255.255.255.0

Related Articles

Identity-based-route

Wireless client load balancing

Technical Note: How FortiGate can block Duolingo in different ways. Blocks web application.

Technical Note: Application Control with Explicit Proxy policy error

Technical Tip: How to block by country or geolocation

Contributors