Fortinet FortiGate 4000 Benutzerhandbuch
High availability
Advanced HA options
FortiGate-4000 Installation and Configuration Guide
95
Replacing a FortiGate unit after failover
A failover can occur because of a hardware or software problem. When a failover
occurs, you can attempt to restart the failed FortiGate unit by cycling its power. If the
FortiGate unit starts up correctly, it rejoins the HA cluster, which then continues to
function normally. If the FortiGate unit does not restart normally or does not rejoin the
HA cluster, you must take it out of the network and either reconfigure or replace it.
occurs, you can attempt to restart the failed FortiGate unit by cycling its power. If the
FortiGate unit starts up correctly, it rejoins the HA cluster, which then continues to
function normally. If the FortiGate unit does not restart normally or does not rejoin the
HA cluster, you must take it out of the network and either reconfigure or replace it.
Once the FortiGate unit is reconfigured or replaced, change its HA configuration to
match the FortiGate unit that failed and reconnect it to the network. The reconnected
FortiGate unit then automatically joins the HA cluster.
match the FortiGate unit that failed and reconnect it to the network. The reconnected
FortiGate unit then automatically joins the HA cluster.
Advanced HA options
You can configure the following advanced HA options using the FortiGate CLI:
•
•
•
Selecting a FortiGate unit as a permanent primary unit
In a typical FortiGate cluster configuration, the primary unit is selected automatically.
In some situations, you might want to control which unit becomes the primary unit. You
can select a FortiGate unit as the permanent primary unit by changing its priority and
configuring it to override any other primary unit.
In some situations, you might want to control which unit becomes the primary unit. You
can select a FortiGate unit as the permanent primary unit by changing its priority and
configuring it to override any other primary unit.
To select a permanent primary unit
1
Connect to the CLI of the FortiGate unit that you want to become the permanent
primary unit.
primary unit.
2
Set the priority of the permanent primary unit. Enter:
set system ha priority <priority_int>
Where <priority_int> is the priority to set for the permanent primary unit. The unit
set system ha priority <priority_int>
Where <priority_int> is the priority to set for the permanent primary unit. The unit
with the lowest priority becomes the primary unit. The default priority is 128. Set the
priority of the permanent primary unit to a number lower than 128.
priority of the permanent primary unit to a number lower than 128.
For example, to set the priority of the permanent primary unit to 10, enter the
command:
command:
set system ha priority 10
3
Make sure that the priority of all the other units in the cluster is higher than the priority
of the permanent primary unit.
The command get system ha mode displays the current priority of the FortiGate
of the permanent primary unit.
The command get system ha mode displays the current priority of the FortiGate
unit that you are connected to.
4
Configure the permanent primary unit to override an existing primary unit when it joins
the cluster. Use the following command to configure primary unit override:
the cluster. Use the following command to configure primary unit override:
set system ha override enable
Enable override so that the permanent primary unit overrides any other primary unit.
For example, if the permanent primary unit shuts down, one of the other units in the
cluster replaces it as the primary unit. When the permanent primary unit is restarted, it
can become the primary unit again only if override is enabled.
Enable override so that the permanent primary unit overrides any other primary unit.
For example, if the permanent primary unit shuts down, one of the other units in the
cluster replaces it as the primary unit. When the permanent primary unit is restarted, it
can become the primary unit again only if override is enabled.