90 Fortinet Inc.
Managing the HA cluster High availability
Use the following procedure to make configuration changes to the primary FortiGate
unit and then synchronize the configuration of the subordinate units.
1 Connect to the cluster and log into the web-based manager or CLI.
2 Make configuration changes as required.
3 Connect to the CLI of each of the subordinate units in the cluster.
  To connect to subordinate units, see “Managing individual cluster units” on page 89.
4 Use the execute ha synchronize command to synchronize the configuration of
  the subordinate unit.
5 Repeat steps 3 and 4 for all of the subordinate units in the HA cluster.
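A way to confirm that step 5 reached every subordinate unit, added here as an example and not taken from the Fortinet guide: the script compares a text export of each unit's configuration against the primary's and lists the units that still need execute ha synchronize config. The export contents, unit names and ignored per-unit prefixes are constructed assumptions, not FortiGate syntax.

```python
import difflib

# Assumption: lines with these prefixes legitimately differ between units.
# The prefixes are hypothetical; adjust them to match your own exports.
UNIT_SPECIFIC_PREFIXES = ("hostname ", "ha-priority ")

def normalize(config_text, ignore_prefixes=UNIT_SPECIFIC_PREFIXES):
    """Collapse whitespace and drop blank and unit-specific lines."""
    lines = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith(ignore_prefixes):
            lines.append(line)
    return lines

def find_drift(primary_text, subordinate_texts):
    """Return {unit: [diff lines]} for each subordinate that differs.

    '- ' lines exist only on the primary, '+ ' lines only on the subordinate.
    """
    want = normalize(primary_text)
    drift = {}
    for unit, text in subordinate_texts.items():
        have = normalize(text)
        matcher = difflib.SequenceMatcher(None, want, have, autojunk=False)
        delta = []
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag != "equal":
                delta += ["- " + l for l in want[i1:i2]]
                delta += ["+ " + l for l in have[j1:j2]]
        if delta:
            drift[unit] = delta
    return drift

def resync_commands(drift):
    """Units with drift still need step 4 of the procedure above."""
    return {unit: "execute ha synchronize config" for unit in sorted(drift)}

# Constructed sample exports (illustrative lines, not real FortiGate syntax).
PRIMARY = ("hostname fgt-a\nha-priority 200\n"
           "policy 1 allow internal external http\n"
           "policy 2 deny internal external any\n")
SUBORDINATES = {
    "fgt-b": PRIMARY.replace("fgt-a", "fgt-b").replace("200", "100"),
    # fgt-c was skipped in step 5 and is missing the deny rule.
    "fgt-c": "hostname fgt-c\nha-priority 50\n"
             "policy 1 allow internal external http\n",
}

if __name__ == "__main__":
    for unit, cmd in resync_commands(find_drift(PRIMARY, SUBORDINATES)).items():
        print(f"{unit}: differs from primary, run: {cmd}")
```

A subordinate that reports drift would enforce its older policy set if it became the primary after a failover, so the check is worth running after every change.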
Returning to standalone configuration
Repeat this procedure for each FortiGate unit in the HA cluster. To return to
standalone configuration:
1 Connect to the web-based manager.
2 Go to System > Config > HA.
3 Select Standalone Mode and select Apply.
The FortiGate unit exits from HA mode and returns to standalone mode.
Replacing a FortiGate unit after fail-over
A failover can occur due to a hardware or software problem. When a failover occurs,
you can attempt to restart the failed FortiGate unit by cycling its power. If the FortiGate
unit starts up correctly, it rejoins the HA cluster, which then continues to function
normally. If the FortiGate unit does not restart normally or does not rejoin the HA
cluster, you must take it out of the network and either reconfigure or replace it.
Once the FortiGate unit is reconfigured or replaced, change its HA configuration to
match that of the FortiGate unit that failed and connect it back into the network. The
reconnected FortiGate unit then automatically joins the HA cluster.
Table 16: execute ha synchronize keywords

Keyword      Description
config       Synchronize the FortiGate configuration. This includes normal system
             configuration, firewall configuration, VPN configuration and so on
             stored in the FortiGate configuration file.
avupd        Synchronize the antivirus engine and antivirus definitions received by
             the primary unit from the FortiResponse Distribution Network (FDN).
attackdef    Synchronize NIDS attack definition updates received by the primary unit
             from the FDN.
weblists     Synchronize web filter lists added to or changed on the primary unit.
emaillists   Synchronize email filter lists added to or changed on the primary unit.
resmsg       Synchronize replacement messages changed on the primary unit.
ca           Synchronize CA certificates added to the primary unit.
localcert    Synchronize local certificates added to the primary unit.
all          Synchronize all of the above.