Fortinet 400 Managing individual cluster units, Synchronizing the cluster configuration

High availability Managing the HA cluster

FortiGate-400 Installation and Configuration Guide 89

Managing individual cluster units

You can manage individual cluster units by connecting to each unit’s HA interface

using either the web-based manager or the CLI. To do this, the HA interfaces of each

unit have to be configured for HTTPS and SSH management access.

You can also use the following procedure to connect to the CLI of each unit in the

cluster:

Managing individual units from the web-based manager:

1Use SSH to connect to the cluster and log into the web-based manager.

Connect to any cluster interface configured for SSH management to automatically log

into the primary unit.

You can also use a direct cable connection to log into the primary unit CLI (to do this

you must know which unit is the primary unit. See “Selecting a FortiGate unit to a

permanent primary unit” on page 91 to control which FortiGate unit becomes the

primary unit).

2Enter the following command followed by a space and type a question mark (?):

execute ha manage

A list of all of the subordinate units in the cluster is displayed. Each cluster unit in the

list is numbered, starting at 1. The information displayed for each cluster unit includes

the unit serial number and host name of the unit.

3Complete the command with the number of the subordinate unit to log into. For

example, to log into subordinate unit 1, enter the following command:

execute ha manage 1

You are connected to and logged into the CLI of the selected subordinate unit. If this

subordinate unit has a different host name, the CLI prompt changes to this host name.

You can use CLI commands to manage this subordinate unit.

4Enter the following command to return to the primary unit CLI:

exit

You can use the execute manage ha command to log into the CLI of any of the

other subordinate units in the cluster.

Synchronizing the cluster configuration

For best results when operating a cluster you should make sure that the

configurations of all of the units in the cluster remain synchronized. You can do this by

making configuration changes to the primary unit and then using the execute ha

synchronize command from each subordinate unit in an HA cluster to manually

synchronize its configuration with the primary unit. Using this command you can

synchronize the following:

Note: Note you can view and manage log messages for all cluster members. However, from the

primary unit you can only configure logging for the primary unit. To configure logging for other

units in the cluster you must manage individual cluster units.