Description
When connecting to a Slave unit of an HA cluster with the command execute ha manage <ID>, the CLI context is placed by default in the HA VDOM called vsys_ha, and the unit reports to the administrator that it is the Master. The configuration display is also limited in this context.
In the following example, FGT400-8 is the Master and FGT400-3 is the Slave:
FGT400-8 # get system ha status
Master:200 FGT400-8 FGT4002801021111 1
Slave :128 FGT400-3 FGT4002803032222 0
FGT400-8 # execute ha manage 0
FGT400-3 $
FGT400-3 $ get system status
Version: Fortigate-400 3.00,build0744,090630
[..]
Current virtual domain: vsys_ha
[..]
Current HA mode: a-p, master
The output above shows that the current VDOM is vsys_ha and that the unit reports itself as Master.
When trying to display any configuration (except with show full-configuration), the output is an empty list:
FGT400-3 $ show firewall policy
config firewall policy
end
Solution
The administrator must first go into an operational VDOM with the command "execute enter <vdom_name>" as shown below. If the FortiGate unit is not running in VDOM mode, the default VDOM is "root".
FGT400-3 $ execute enter root
current vdom=root:0
FGT400-3 $ get system status
Version: Fortigate-400 3.00,build0744,090630
[..]
Current virtual domain: root
[..]
Current HA mode: a-p, backup
FGT400-3 $ show firewall policy
config firewall policy
edit 1
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ANY"
next
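As an added example (not part of the original article and not Fortinet tooling): a configuration-audit script that reads captured CLI transcripts can refuse to trust "show" output collected while the session was still in vsys_ha, so that an empty policy list from a Slave unit is not mistaken for a unit without policies. The transcript below is constructed from the session above, and the function and field names are assumptions.

```python
import re

# Constructed transcript, modelled on the session in this article.
SAMPLE = """\
FGT400-3 $ get system status
Current virtual domain: vsys_ha
Current HA mode: a-p, master
FGT400-3 $ show firewall policy
config firewall policy
end
FGT400-3 $ execute enter root
current vdom=root:0
FGT400-3 $ show firewall policy
config firewall policy
edit 1
set srcintf "port1"
next
end
"""

PROMPT = re.compile(r"^\S+ [#$] (.+)$")                      # "<host> $ <command>"
VDOM_STATUS = re.compile(r"^Current virtual domain: (\S+)")  # from get system status
VDOM_ENTER = re.compile(r"^current vdom=([^:]+):")           # from execute enter <vdom>


def audit_transcript(text):
    """List each 'show' command with the VDOM it ran in and whether to trust it.

    Output is untrusted when the VDOM is vsys_ha or was never observed,
    because the configuration display is limited in that context.
    """
    vdom, last, results = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            cmd, last = m.group(1), None
            # show full-configuration is the exception named in the article
            if cmd.startswith("show ") and cmd != "show full-configuration":
                last = {"command": cmd, "vdom": vdom, "entries": 0,
                        "trusted": vdom not in (None, "vsys_ha")}
                results.append(last)
            continue
        m = VDOM_STATUS.match(line) or VDOM_ENTER.match(line)
        if m:
            vdom = m.group(1)          # track the current VDOM context
        elif last is not None and line.startswith("edit "):
            last["entries"] += 1       # count table entries in the output
    return results


if __name__ == "__main__":
    for r in audit_transcript(SAMPLE):
        note = "ok" if r["trusted"] else "IGNORE: limited display context"
        print(f'{r["command"]!r} in vdom={r["vdom"]}: {r["entries"]} entries ({note})')
```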