Set a FortiGate-6000 or 7000 in an HA configuration to always be primary
You can use the following command from the CLI of a FortiGate-6000 or 7000 in an HA configuration to cause the FortiGate-6000 or 7000 that you are logged into to always operate as the primary FortiGate-6000 or 7000, effectively blocking HA failovers.
diagnose sys ha set-as-primary enable
If the FortiGate-6000 or 7000 that you are logged into is already the primary, the cluster continues to operate normally. If you are logged into the backup FortiGate-6000 or 7000, a failover occurs and this FortiGate-6000 or 7000 becomes the primary FortiGate-6000 or 7000.
Command syntax:
diagnose sys ha set-as-primary {disable | enable | status}
disable
the default, HA failovers can occur.
enable
the FortiGate-6000 or 7000 that you are logged into becomes and remains the primary FortiGate in the HA cluster.
status
view the set-as-primary
status of the FortiGate-6000 or 7000 that you have logged into.
This command is intended to be used during troubleshooting and not for normal operation. Because this is a diagnose command, the command is reset to disable
when the FortiGate restarts.
After you have finished troubleshooting you can either restart the cluster to restore normal operation or enter the following command:
diagnose sys ha set-as-primary disable
This may cause an HA failover depending on your HA configuration. For example, if override is enabled the cluster may renegotiate to select a primary FortiGate-6000 or 7000.