Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
myasin
New Contributor

Fortimanager HA Behavior

Hi

 

A couple of questions about Fortimanager HA cluster behavior;

 

1- Per to guides, they stated that:

[style="background-color: #ffff00;"](If the primary FortiManager unit fails you must manually configure one of the backup units to become the primary unit.[/style] [style="background-color: #ffff00;"]The new primary unit will have the same IP addresses as it did when it was the backup unit.)[/style]

 Does this mean that there is no auto-failover, and the backup unit will not get the primary unit IP address?

[style="background-color: #ffffff;"] [/style]In this case the managed devices will loss connectivity to FM and we have to build a new connection based on the backup unit IP...

 

2- when configuring HA, does every node keep its interfaces IPs, or they will share the primary unit interfaces IPs?

 

Thanks

 

1 Solution
chall_FTNT
Staff
Staff

>  Does this mean that there is no auto-failover, and the backup unit will not get the primary unit IP address?

 

Correct.  You must manually promote one of the slave FMG units to the master role.  Each cluster member has a unique IP]

> In this case the managed devices will loss connectivity to FM and we have to build a new connection based on the backup unit IP...

 

Yes, unless you have configured the FortiGates with multiple FMG IPs, a feature introduced into the FortiOS CLI starting in FortiOS 5.6.

  > 2- when configuring HA, does every node keep its interfaces IPs, or they will share the primary unit interfaces IPs?

 

Separate IPs

Chris Hall
Fortinet Technical Support

View solution in original post

1 REPLY 1
chall_FTNT
Staff
Staff

>  Does this mean that there is no auto-failover, and the backup unit will not get the primary unit IP address?

 

Correct.  You must manually promote one of the slave FMG units to the master role.  Each cluster member has a unique IP]

> In this case the managed devices will loss connectivity to FM and we have to build a new connection based on the backup unit IP...

 

Yes, unless you have configured the FortiGates with multiple FMG IPs, a feature introduced into the FortiOS CLI starting in FortiOS 5.6.

  > 2- when configuring HA, does every node keep its interfaces IPs, or they will share the primary unit interfaces IPs?

 

Separate IPs

Chris Hall
Fortinet Technical Support
Labels
Top Kudoed Authors