Description

This article describes the recommended methods of manually triggering a failover for FortiGate virtual cluster

Solution
Virtual clustering overview

VDOM partitioning:

VDOM partitioning is the process of selectively setting the master cluster unit as the primary unit for VDOMs and setting the other cluster units as the primary unit for other VDOMs.

All traffic for a VDOM is processed by the primary unit for that VDOM.

Distribution of VDOM traffic between the cluster units is done by selecting the primary VDOM for the specific cluster unit.

 In the following image, there are two Virtual Clusters (1 and 2) where only vdom TEST2 is member of Virtual Cluster 2:

In the Virtual cluster 2, the FW2 is the primary unit for the VDOM TEST2:

To change the primary unit from FW2 to FW1 in the Virtual Cluster 2 just decrease the priority by selecting 'Edit' and then confirm:

The FW1 becomes the primary unit for both clusters:

Note: VDOM partitioning should not be treated as a manual method of triggering HA failover or primary unit selection process. Enabling VDOM partitioning causes a configuration changes (which need time to synchronise), Failing over Fortigate HA using the GUI VDOM partitioning within short periods of time might cause 'unexpected' behaviour.

Recommended Failover Methods for Virtual Clusters:

• Change the device priority on the selected cluster, as shown above.
• Shutting down/disconnect the monitored interfaces on the virtual cluster.

A cluster always renegotiates HA when a monitored interface fails or is disconnected.
 
Controlling primary unit selection by changing the device priority:

• Set a different device priority for each cluster unit.
• During negotiation, if all monitored interfaces are connected and 'override is enabled', the cluster with the highest device priority becomes the primary unit.