Fortinet white logo
Fortinet white logo

FortiGate-6000 Release Notes

Set a FortiGate-6000 or 7000 in an HA configuration to always be primary

Set a FortiGate-6000 or 7000 in an HA configuration to always be primary

You can use the following command from the CLI of a FortiGate-6000 or 7000 in an HA configuration to cause the FortiGate-6000 or 7000 that you are logged into to always operate as the primary FortiGate-6000 or 7000, effectively blocking HA failovers.

diagnose sys ha set-as-primary enable

If the FortiGate-6000 or 7000 that you are logged into is already the primary, the cluster continues to operate normally. If you are logged into the backup FortiGate-6000 or 7000, a failover occurs and this FortiGate-6000 or 7000 becomes the primary FortiGate-6000 or 7000.

Command syntax:

diagnose sys ha set-as-primary {disable | enable | status}

disable the default, HA failovers can occur.

enable the FortiGate-6000 or 7000 that you are logged into becomes and remains the primary FortiGate in the HA cluster.

status view the set-as-primary status of the FortiGate-6000 or 7000 that you have logged into.

This command is intended to be used during troubleshooting and not for normal operation. Because this is a diagnose command, the command is reset to disable when the FortiGate restarts.

After you have finished troubleshooting you can either restart the cluster to restore normal operation or enter the following command:

diagnose sys ha set-as-primary disable

This may cause an HA failover depending on your HA configuration. For example, if override is enabled the cluster may renegotiate to select a primary FortiGate-6000 or 7000.

Set a FortiGate-6000 or 7000 in an HA configuration to always be primary

Set a FortiGate-6000 or 7000 in an HA configuration to always be primary

You can use the following command from the CLI of a FortiGate-6000 or 7000 in an HA configuration to cause the FortiGate-6000 or 7000 that you are logged into to always operate as the primary FortiGate-6000 or 7000, effectively blocking HA failovers.

diagnose sys ha set-as-primary enable

If the FortiGate-6000 or 7000 that you are logged into is already the primary, the cluster continues to operate normally. If you are logged into the backup FortiGate-6000 or 7000, a failover occurs and this FortiGate-6000 or 7000 becomes the primary FortiGate-6000 or 7000.

Command syntax:

diagnose sys ha set-as-primary {disable | enable | status}

disable the default, HA failovers can occur.

enable the FortiGate-6000 or 7000 that you are logged into becomes and remains the primary FortiGate in the HA cluster.

status view the set-as-primary status of the FortiGate-6000 or 7000 that you have logged into.

This command is intended to be used during troubleshooting and not for normal operation. Because this is a diagnose command, the command is reset to disable when the FortiGate restarts.

After you have finished troubleshooting you can either restart the cluster to restore normal operation or enter the following command:

diagnose sys ha set-as-primary disable

This may cause an HA failover depending on your HA configuration. For example, if override is enabled the cluster may renegotiate to select a primary FortiGate-6000 or 7000.