This article describes the behavior of FortiGate configured with HA (either Active-Active or Active-Passive mode) when the monitored interface is shut down manually by an Administrator.
Scope
FortiGate in HA.
Solution
An administrative shutdown of an interface on the Primary device is a configuration change, so it is synchronized to the Secondary device.
When the monitored interface has been manually shut down on the Primary device, the Secondary device takes over the Primary role only until the configuration is synchronized.
FGVM04TM24000444
Fortinet1 # show sys ha
config system ha
    set group-name "Cluster1"
    set mode a-p
    set password ENC ***
    set hbdev "port2" 10
    set override disable
    set priority 200
    set monitor "port1"
end
FGVM04TM24000443
Fortinet2 # show sys ha
config system ha
    set group-name "Cluster1"
    set mode a-p
    set password ENC ***
    set hbdev "port2" 10
    set override disable
    set priority 100
    set monitor "port1"
end

Fortinet1 # diag sys ha history read
HA state change time: 2024-08-11 16:23:32
<2024-08-11 16:23:32> FGVM04TM24000444 is elected as the cluster primary of 2 member
<2024-08-11 16:23:31> FGVM04TM24000443 is elected as the cluster primary of 2 member
<2024-08-11 16:23:31> port port1 link status changed: 1->0

Fortinet2 # diag sys ha history read
HA state change time: 2024-08-11 16:23:32
<2024-08-11 16:23:32> FGVM04TM24000444 is elected as the cluster primary of 2 member
<2024-08-11 16:23:32> port port1 link status changed: 1->0
<2024-08-11 16:23:31> FGVM04TM24000443 is elected as the cluster primary of 2 member
The Primary device (Fortinet1, FGVM04TM24000444) detected that port1's link status went down ('1->0') at 16:23:31. The Secondary device (Fortinet2, FGVM04TM24000443) then became the primary for a few seconds, until the configuration was synchronized at 16:23:32.
At the same time, the Primary device takes the Primary role again, since both devices in the cluster now have the port1 interface manually shut down.
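When reviewing HA events, the short takeover described above can be told apart from a lasting failover by checking whether the role returns to another unit within a few seconds and whether a monitored link went down around the same time. The following is an added example, not Fortinet code: the function names and the 5-second window are assumptions, and the sample input is the Fortinet1 history output shown in this article.

```python
import re
from datetime import datetime, timedelta

# "diag sys ha history read" output from Fortinet1, as shown in this article.
HISTORY_FORTINET1 = """\
HA state change time: 2024-08-11 16:23:32
<2024-08-11 16:23:32> FGVM04TM24000444 is elected as the cluster primary of 2 member
<2024-08-11 16:23:31> FGVM04TM24000443 is elected as the cluster primary of 2 member
<2024-08-11 16:23:31> port port1 link status changed: 1->0
"""

LINE = re.compile(r"^<(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)> (.+)$")
ELECTED = re.compile(r"^(\S+) is elected as the cluster primary")
LINK = re.compile(r"^port (\S+) link status changed: (\d)->(\d)$")

def parse_history(text):
    """Return events oldest-first as (timestamp, kind, value) tuples."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips the "HA state change time: ..." header line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if (e := ELECTED.match(m.group(2))):
            events.append((ts, "primary", e.group(1)))
        elif (d := LINK.match(m.group(2))) and d.group(2, 3) == ("1", "0"):
            events.append((ts, "link_down", d.group(1)))
    events.reverse()  # the output on this page lists the newest entry first
    return events

def transient_takeovers(events, window_s=5):
    """Find units elected primary and replaced again within window_s seconds."""
    window = timedelta(seconds=window_s)  # assumed threshold, tune per cluster
    elections = [e for e in events if e[1] == "primary"]
    findings = []
    for (t1, _, unit1), (t2, _, unit2) in zip(elections, elections[1:]):
        if unit1 != unit2 and t2 - t1 <= window:
            ports = sorted({v for t, k, v in events
                            if k == "link_down" and abs(t - t1) <= window})
            findings.append({"temporary_primary": unit1, "restored_primary": unit2,
                             "seconds": int((t2 - t1).total_seconds()),
                             "link_down_ports": ports})
    return findings

if __name__ == "__main__":
    for finding in transient_takeovers(parse_history(HISTORY_FORTINET1)):
        print(finding)
```

A finding that names a monitored port and lasts only a second or two matches the administrative-shutdown pattern in this article; a single election with no reversal produces no finding and should be treated as a real role change.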