Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
droehrig
New Contributor II

Reboot after File System Check

So I am new at this (well was kinda forced into doing this) and after someone pulled the power plug on one of our 501E Fortigates (we have 2 HA) it had the warning to do a File System Check. So its came in today (Saturday) to do this. The Slave became the master. But what I want to know if when will you know when its done running a file system check? Also will it revert back to the original HA Master Slave setup before the check (will the original Master change back and take over). I am running 6.2.2 at the moment and was going to be updating as well if possible today. Any help, guidance would so greatly appreciated!

 

Thanks,

Donna

3 REPLIES 3
boneyard
Valued Contributor

you can only see that if you are connected to the console interface, the check itself is done before you can access the OS to check via SSH.

 

when the message is gone you can assume it happened.

 

as for fallback or keep on the former slave depends on your settings.

 

default it won't fallback as it uses the uptime as one of the things to determine which firewall should be master. higher uptime is better so, the rebooted former master will be less interessting

 

if you can perform the command below (remove infortmation you dont want to share, i.e. secret, name, ...) it should be possible to tell which mode is used.

 

show system ha

Markus
Valued Contributor

as boneyard mentioned, it depends on your ha settings. If you want manual controll of which device is master, set ha override enabled. The device with the higher device priority will then always change back to master.


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
ede_pfau
Esteemed Contributor III

If you kindly take an advice / best practice: configure both units to be equally priviledged, that is, prevent a fail-back after a failover. As both units are fully synchronized at all times, it doesn't matter at all which unit is master and which is slave. The advantage of treating them equally is that there won't be a second drop in sessions (at the very least IPsec sessions).

So:

[ul]
  • no "override" enabled
  • identical priority
  • identical link monitors[/ul]

     

    This whole situation IMHO is annoying. Nobody with even a basic understanding of firewalls would just pull the plug. Non-professionals should not be allowed physical access to this kind of network equipment - IT security begins with physical access control.


  • Ede

    "Kernel panic: Aiee, killing interrupt handler!"
    Ede"Kernel panic: Aiee, killing interrupt handler!"
    Labels
    Top Kudoed Authors