Fortinet white logo
Fortinet white logo

FortiGate-6000 Handbook

Primary FortiGate-6000 selection with override disabled (default)

Primary FortiGate-6000 selection with override disabled (default)

FortiGate-6000 FGCP selects the primary FortiGate-6000 based on standard FGCP primary unit selection and also accounting for the number of failed FPCs. The selection sequence is:

  • At least one active FPC
  • Connected monitored interfaces
  • Number of active FPCs
  • Number of active SSDs (if SSD failure protection is enabled, FortiGate-6301F or 6501F only)
  • Age
  • Device priority
  • Serial number

In most cases and with default settings, if everything is connected and operating normally, the FortiGate-6000 with the highest serial number becomes the primary FortiGate-6000. You can set the device priority higher on one of the FortiGate-6000s if you want it to become the primary FortiGate-6000.

The selection sequence also shows that at least one FPC must be active for a FortiGate-6000 to be selected to be the primary. If at least one FPC is active on each FortiGate-6000, the most important criteria is the number of connected monitored interfaces followed by the number of failed FPCs, followed by the number of active SSDs if SSD failure protection is enabled. So if one or more FPCs fail, if interface monitoring is not configured or no monitored interface has become disconnected, the primary FortiGate-6000 will be the one with the most active FPCs.

Primary FortiGate-6000 selection with override disabled (default)

Primary FortiGate-6000 selection with override disabled (default)

FortiGate-6000 FGCP selects the primary FortiGate-6000 based on standard FGCP primary unit selection and also accounting for the number of failed FPCs. The selection sequence is:

  • At least one active FPC
  • Connected monitored interfaces
  • Number of active FPCs
  • Number of active SSDs (if SSD failure protection is enabled, FortiGate-6301F or 6501F only)
  • Age
  • Device priority
  • Serial number

In most cases and with default settings, if everything is connected and operating normally, the FortiGate-6000 with the highest serial number becomes the primary FortiGate-6000. You can set the device priority higher on one of the FortiGate-6000s if you want it to become the primary FortiGate-6000.

The selection sequence also shows that at least one FPC must be active for a FortiGate-6000 to be selected to be the primary. If at least one FPC is active on each FortiGate-6000, the most important criteria is the number of connected monitored interfaces followed by the number of failed FPCs, followed by the number of active SSDs if SSD failure protection is enabled. So if one or more FPCs fail, if interface monitoring is not configured or no monitored interface has become disconnected, the primary FortiGate-6000 will be the one with the most active FPCs.