
Usage of the ‘execute ha failover set’ Command in FortiGate

This article describes the usage of the 'execute ha failover set' command to perform a forced failover on an HA primary unit.

In a high availability (HA) setup, FortiGate devices can be configured to operate in an active-passive or active-active mode. The command 'execute ha failover set' is used to perform a forced failover from the primary unit to a secondary unit in an HA cluster. This command is particularly useful when the primary unit is unresponsive or when maintenance needs to be performed on it.

Step-by-Step Guide to Using ‘execute ha failover set’ Command

1. Understanding HA Configuration

Before executing the command, ensure that your FortiGate devices are correctly configured for HA. This includes:

  • Setting up HA mode (active-passive or active-active).
  • Ensuring that both units are synchronized and have the same configuration.
  • Verifying that the HA heartbeat interfaces are operational.

2. Accessing the FortiGate CLI

To execute the command, you need access to the FortiGate Command Line Interface (CLI). You can do this via SSH or through the console interface.

3. Checking Current HA Status

Before performing a failover, it’s prudent to check the current status of your HA cluster. Use the following command:

get system ha status

This will provide information about which unit is currently active and its health status.

4. Executing Forced Failover

To perform a forced failover, use the following command:

execute ha failover set 

Where the argument is typically 1 for primary and 2 for secondary in an active-passive setup. If you want to forcefully switch from primary to secondary, you would execute:

execute ha failover set 2

5. Using Failover Flag

The failover flag can be utilized in conjunction with this command if you want to change which unit is considered “active.” To do this, you may need to configure specific settings within your HA configuration that dictate how failovers occur based on certain conditions (like link failures).

For example, if you want to ensure that a particular condition triggers a failover, you might adjust settings related to health checks or monitoring thresholds within your HA settings before executing the failover command.

6. Verifying New Active Unit

After executing the command, verify that the intended unit has taken over as active by running:

get system ha status

This will confirm whether the new active unit is functioning correctly.
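
An added example (not from the original article and not Fortinet code): a Python script for the checks in steps 1, 3 and 6, parsing 'get system ha status' text captured before and after the failover. The sample output is constructed; its layout, the placeholder serials and all function names are assumptions, and field names can differ between FortiOS versions.

```python
import re

# Assumed layout of 'get system ha status' (older releases print Master/Slave).
HEALTH_RE = re.compile(r"^HA Health Status:\s*(.+)$", re.M)
SYNC_RE = re.compile(r"^[ \t]+(\S+?)\(updated [^)]*\):\s*(\S+)", re.M)
ROLE_RE = re.compile(
    r"^(Primary|Secondary|Master|Slave)\s*:\s*[^,\n]+,\s*([^,\s]+),\s*HA cluster index", re.M)

def sample(primary, secondary, sync_b="in-sync"):
    """Constructed status text, not device output; serials are placeholders."""
    return ("HA Health Status: OK\n"
            "Mode: HA A-P\n"
            "Configuration Status:\n"
            "    SERIAL-A(updated 3 seconds ago): in-sync\n"
            f"    SERIAL-B(updated 4 seconds ago): {sync_b}\n"
            f"Primary     : {primary[0]}, {primary[1]}, HA cluster index = 0\n"
            f"Secondary   : {secondary[0]}, {secondary[1]}, HA cluster index = 1\n")

def parse_status(text):
    """Extract health, per-unit sync state and role-to-serial mapping."""
    health = HEALTH_RE.search(text)
    roles = {"Primary": [], "Secondary": []}
    for role, serial in ROLE_RE.findall(text):
        roles[{"Master": "Primary", "Slave": "Secondary"}.get(role, role)].append(serial)
    return {"health": health.group(1).strip() if health else None,
            "sync": dict(SYNC_RE.findall(text)),
            "primary": roles["Primary"][0] if roles["Primary"] else None,
            "secondaries": roles["Secondary"]}

def preflight(st):
    """Steps 1 and 3: list reasons not to force a failover yet (empty = go)."""
    problems = []
    if st["health"] != "OK":
        problems.append(f"health is {st['health']!r}")
    problems += [f"{sn} is {state}" for sn, state in st["sync"].items() if state != "in-sync"]
    if not st["primary"] or not st["secondaries"]:
        problems.append("need one primary and at least one secondary")
    return problems

def failover_took_effect(before, after):
    """Step 6: the old primary is now a secondary and a former secondary leads."""
    return (after["primary"] in before["secondaries"]
            and before["primary"] in after["secondaries"])

if __name__ == "__main__":
    a, b = ("fgt-a", "SERIAL-A"), ("fgt-b", "SERIAL-B")
    before, after = parse_status(sample(a, b)), parse_status(sample(b, a))
    print("preflight problems:", preflight(before))
    print("role swap confirmed:", failover_took_effect(before, after))
```

Saving the pre-change and post-change status text alongside the change record gives an audit trail of which unit held the primary role and when.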

Conclusion

Using 'execute ha failover set' allows administrators to manage their FortiGate HA setups effectively by forcing a transition between primary and secondary units as needed. It is crucial to monitor and verify the cluster after every such operation to ensure network stability and performance.

