High availability

Managing the HA cluster

 

 

Note: Note you can view and manage log messages for all cluster members. However, from the primary unit you can only configure logging for the primary unit. To configure logging for other units in the cluster you must manage individual cluster units.

Managing individual cluster units

You can manage individual cluster units by connecting to each unit’s HA interface using either the web-based manager or the CLI. To do this, the HA interfaces of each unit have to be configured for HTTPS and SSH management access.

You can also use the following procedure to connect to the CLI of each unit in the cluster:

Managing individual units from the web-based manager:

1Use SSH to connect to the cluster and log into the web-based manager.

Connect to any cluster interface configured for SSH management to automatically log into the primary unit.

You can also use a direct cable connection to log into the primary unit CLI (to do this you must know which unit is the primary unit. See “Selecting a FortiGate unit to a permanent primary unit” on page 91 to control which FortiGate unit becomes the primary unit).

2Enter the following command followed by a space and type a question mark (?):

execute ha manage

A list of all of the subordinate units in the cluster is displayed. Each cluster unit in the list is numbered, starting at 1. The information displayed for each cluster unit includes the unit serial number and host name of the unit.

3Complete the command with the number of the subordinate unit to log into. For example, to log into subordinate unit 1, enter the following command:

execute ha manage 1

You are connected to and logged into the CLI of the selected subordinate unit. If this subordinate unit has a different host name, the CLI prompt changes to this host name. You can use CLI commands to manage this subordinate unit.

4Enter the following command to return to the primary unit CLI:

exit

You can use the execute manage ha command to log into the CLI of any of the other subordinate units in the cluster.

Synchronizing the cluster configuration

For best results when operating a cluster you should make sure that the configurations of all of the units in the cluster remain synchronized. You can do this by making configuration changes to the primary unit and then using the execute ha synchronize command from each subordinate unit in an HA cluster to manually synchronize its configuration with the primary unit. Using this command you can synchronize the following:

FortiGate-400 Installation and Configuration Guide

89

Page 88 Page 90
Page 89
Image 89
Fortinet 400 manual Managing individual cluster units, Synchronizing the cluster configuration
Page 88 Page 90
Top Page Image Contents