FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 191160

This article describes the recommended methods of manually triggering a failover for FortiGate virtual cluster

Virtual clustering overview

VDOM partitioning:

VDOM partitioning is the process of selectively setting the master cluster unit as the primary unit for VDOMs and setting the other cluster units as the primary unit for other VDOMs.

All traffic for a VDOM is processed by the primary unit for that VDOM.

Distribution of VDOM traffic between the cluster units is done by selecting the primary VDOM for the specific cluster unit.


Note : VDOM partitioning should not be treated as a manual method of triggering HA failover or primary unit selection process. Enabling VDOM partitioning causes a configuration changes (which need time to synchronise), Failing over Fortigate HA using the GUI VDOM partitioning within short periods of time might cause "unexpected" behaviour.

Recommended Failover Methods for Virtual Clusters
- Change the device priority on the selected cluster
- Shutting down/disconnect the monitored interfaces on the virtual cluster.

A cluster always renegotiates HA when a monitored interface fails or is disconnected.
Controlling primary unit selection by changing the device priority:
- Set a different device priority for each cluster unit.

- During negotiation, if all monitored interfaces are connected and “override is enabled”, the cluster with the highest device priority becomes the primary unit.