Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
piaakit1210
New Contributor III

Created on ‎12-15-2023 09:50 AM

HA Active Active the secondary devices stop to have network connectivity

Dear All,

 

             I have an ugent issue, after the 2 fortigate 201F configured in HA Active Active, the secondary devices stop to have network connectivity, not even the mgmt interface, i can not ping and access to the secondary devices, i have tried to factory reset the secondary device and form the HA again, and issue still exist, and i followed below video to do the HA, any help would be appreicated 

 

https://www.youtube.com/watch?v=j25SwFGa76M

 

piaakit

Labels:
1330
0 Kudos
1 Solution
anignan
Staff
Staff

Created on ‎12-15-2023 11:27 AM

Hi @piaakit1210 ,

 

I think you should check your network design because no matter the HA mode only one device is the primary .. HA is just for resource sharing. you cannot have servers only connected to slave and not to primary. They must all connect to both devices and there will be a virtual mac address shared between both member and only the primary will reply to arp request..

 

Abdel

View solution in original post

1080
0 Kudos
17 REPLIES 17
anignan
Staff
Staff

Created on ‎12-15-2023 10:39 AM

If possible just power cycle both and update

631
0 Kudos
piaakit1210
New Contributor III

Created on ‎12-15-2023 10:43 AM

it comes back online and in-sync, but its still no networking connectivity with all the interfaces

630
0 Kudos
anignan
Staff
Staff

Created on ‎12-15-2023 10:46 AM

What do mean no network connectivity?

Please try set it to Active-passive and lets see

628
0 Kudos
piaakit1210
New Contributor III

Created on ‎12-15-2023 10:52 AM

whatever port i connected to in the 2nd device, i can not ping or web console at all to the device, not even in mgmt, in the primary device in thoses interfaces i suppose has dhcp enabled, but when i connect cable to these port, no ip obtained, and i assign ip to my laptop and try ping these interfaces in the 2nd device, its doesnt reach at all 

626
0 Kudos
anignan
Staff
Staff

Created on ‎12-15-2023 10:56 AM

This is completely normal the cluster is Active-Active but there is still a master which handle the traffic. Only the master will reply to ARP request and the master will decide which traffic will be processed by the secondary for resource sharing.

 

Abdel 

624
0 Kudos
anignan
Staff
Staff

Created on ‎12-15-2023 11:09 AM

You should be able to connect to the secondary with mgmt port just make sure you have the correct ip address and also a static IP on the same subnet in the management PC

 

Abdel

611
0 Kudos
piaakit1210
New Contributor III

Created on ‎12-15-2023 11:12 AM

in our case, the 2 devices will be located at 2 different rooms and have ha connected, if this is the case, the 2nd device will not have any connectivity, since there are some switches and servers connected to this 2nd device, since there is one default gateway, computer will look for the primary device for internet routing, can you explain to me the different between active - active and active - passive ? sorry i'm new in networking, thanks

 

piaakit

610
0 Kudos
anignan
Staff
Staff

Created on ‎12-15-2023 11:27 AM

Hi @piaakit1210 ,

 

I think you should check your network design because no matter the HA mode only one device is the primary .. HA is just for resource sharing. you cannot have servers only connected to slave and not to primary. They must all connect to both devices and there will be a virtual mac address shared between both member and only the primary will reply to arp request..

 

Abdel

1081
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.