Thanks for the article; however, Forti TAC is asking me to make sure the Primary is shutdown because we have to force an ISDB database update to the secondary and they want to make sure the Primary is completely out of the picture. This is why I want to be certain that the Primary is shutdown gracefully after the failover. Once we run the forced update "execute update-now" we will unseat and reseat the power chords to the Primary so it takes over once again.
Is there a follow up command to shutting down the primary after the secondary has taken over?
we may have different opinion and point-of-view how we see the thing is done. But for me, just to make slave become primary in A-P configuration - should not cause the failover as long as all parameter is well maintained like monitoring port, uptime, and so fort. But ya, shutdown the primary which now acts as slave would impact no traffic.
Thank you, Aleksandar. This is exactly what I was looking for verification on since I do not have any lab HA pair and I have to do this on customer production systems. I will use the CLI method of "execute shutdown" and then log back in and now the secondary is the Master.
Once I unseat and reseat the Primary FortiGate device, that should pick back up as the Master since it has a higher priority.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.