High availability | Managing an HA cluster |
|
|
Monitoring cluster units for failover
If the primary unit in the cluster fails, the units in the cluster renegotiate to select a new primary unit. Failure of the primary unit results in the following:
•If SNMP is enabled, the new primary FortiGate unit sends the trap message “HA switch”. This trap indicates that the primary unit in an HA cluster has failed and has been replaced with a new primary unit.
•The cluster contains fewer FortiGate units. The failed primary unit no longer appears on the Cluster Members list.
•The host name and serial number of the primary cluster unit changes.
•The new primary unit logs the following messages to the event log:
HA slave became master Detected HA member dead
If a subordinate unit fails, the cluster continues to function normally. Failure of a subordinate unit results in the following:
•The cluster contains fewer FortiGate units. The failed unit no longer appears on the Cluster Members list.
•The master unit logs the following message to the event log:
Detected HA member dead
Viewing cluster communication sessions
1Connect to the cluster and log into the
2Go to System > Status > Session.
The session table displays the sessions processed by the primary unit in the cluster, including HA communication sessions between the primary unit and the subordinate units. HA communications use:
•Port 702 as the destination port,
•From and To IP address on the 10.0.0.0 subnet.
During cluster negotiation, the HA interface of each cluster unit is assigned an IP address. The IP address of the primary unit is 10.0.0.1. The IP address of the first subordinate unit is 10.0.0.2. The IP address of the second subordinate unit is 10.0.0.3 and so on.
Managing individual cluster units
You can connect to the CLI of each unit in the cluster. This procedure describes how to log into the primary unit CLI and from there connect to the CLI of subordinate cluster units. You log into the subordinate unit with the ha_admin administrator account. This
83 |
