Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dilic
New Contributor II

Promote Slave to Master within 2 node failover HA cluster?

Hello.

Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  

2 Solutions
Robin_Svanberg
Contributor

dilic wrote:

Hello.

Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  

Per default (If you haven´t enabled device priority override") the HA Master election is based on the following:

 

1. Monitored port

2. System Uptime, the one that has been up for the longest time

3. Unit Priority, the one with the highest priority is master

4. Serialnumber, the highest serial number is master

 

The easiest way is to reset the uptime on the master by running the command "diagnose sys ha reset-uptime". If you change the priority a failover will not occur.

 

If you have enabled device priority override the system uptime isn´t part of the election and it will in that case use the Unit priority number.

 

A reboot of the primary unit will also cause a failover :) But if you have enabled device priority override the unit with the highest priority will be the master when it´s back online.

 

 

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden

 

robin.svanberg@ethersec.se

View solution in original post

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden robin.svanberg@ethersec.se
dilic

Robin Svanberg wrote:

dilic wrote:

Hello.

Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  

Per default (If you haven´t enabled device priority override") the HA Master election is based on the following:

 

1. Monitored port

2. System Uptime, the one that has been up for the longest time

3. Unit Priority, the one with the highest priority is master

4. Serialnumber, the highest serial number is master

 

The easiest way is to reset the uptime on the master by running the command "diagnose sys ha reset-uptime". If you change the priority a failover will not occur.

 

If you have enabled device priority override the system uptime isn´t part of the election and it will in that case use the Unit priority number.

 

A reboot of the primary unit will also cause a failover :) But if you have enabled device priority override the unit with the highest priority will be the master when it´s back online.

 

Hmm,

I didn't enabled device priority override. So, if  I just execute "diagnose sys ha reset-uptime" in cmd shell, that will do the trick. Cause I'm on the MASTER node by default in HA failover cluster.  

 

Or I'm must go first on Master node by executing commands:

 

#config global

# get system ha status

     Model: FortiGate-800C      Mode: a-p      Group: 0      Debug: 0      ses_pickup: enable, ses_pickup_delay=disable      Master:130 CWa01 FG800Cxxxxxxxxx7 1      Slave :140 CWb01 FG800Cxxxxxxxxx9 0      number of vcluster: 1      vcluster 1: work 169.254.0.2      Master:0 FG800Cxxxxxxxxx7      Slave :1 FG800Cxxxxxxxxx9

# exec ha manage 1

# diagnose sys ha reset-uptime

 

Please confirm right procedure ...

As you can see, node which I want to promote to MASTER, has alredy  higher priority (140) ...

 

 

 

 

View solution in original post

12 REPLIES 12
ede_pfau
Esteemed Contributor III

OK, thanks for clarifying. "immediately enables" for me does not translate to "switches".


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
nbctcp
New Contributor III

"diagnose sys ha set-as-master enable" no longer available on 6.2.2

any alternative command

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
scerazy
New Contributor III

diagnose sys ha reset-uptime

and

diagnose sys ha checksum recalculate

 

I can run it on current master (secondary unit in ha), but absolutely nothing happens

 

Rebooted my current slave (Primary unit with higher priority), still nothing, no master/slave flip

 

Version: FortiGate-300E v6.4.6,build1879,210520 (GA)

Labels
Top Kudoed Authors