Fortigate Failover
Posted by Greeney, John on 07 July 2020 08:10 AM

Fortigate Failover FAQ

Current setup: Two fortigates running in HA mode, using direct fiber on port 16 for the heartbeat link. 

Software version 5.4.5

Fortigates use uptime to determine which unit is Master and which is Slave, and will ignore all other soft settings. Unplugging a link, however, will supersede this.

If the Fortigate has failed over from Aquinas to Kaplan, you cannot simply reboot the Kaplan side. You must do the following in order (plan for about an hour outage):

1. Power off the Kaplan Fortigate

2. Reseat all the network connectors on the Aquinas Fortigate. (This should trigger MAC updated messages in Orion, indicating that the core switch is now sending data to the correct HA member.)

3. Wait 5 minutes +/- for DNS to wake up, and confirm everything is working.

4. As of this writing, I had unplugged all the connections from the Kaplan side except for the heartbeat when I initially brought it up. After confirming everything worked for a week, I plugged them back in with no issues. Theoretically, you should just be able to power back on the Kaplan Fortigate, and leave everything connected. After testing this, this KB article should be updated to reflect that.

~Greeney 7/7/2020
