If your HA configuration includes HA interface monitoring, if a primary FortiGate-6000 interface fails or is disconnected while a cluster is operating, a link failure occurs. When a link failure occurs, the FortiGate-6000s in the cluster negotiate to select a new primary FortiGate-6000. The link failure means that a that primary FortiGate-6000 with the most link failures will become the secondary and the FortiGate-6000 with the fewest link failures becomes the primary FortiGate-6000.
Just as for a device failover, the new primary FortiGate-6000 sends gratuitous arp packets out all of its connected interfaces to inform attached switches to send traffic to it. Sessions then resume with the new primary FortiGate-6000.
If the secondary FortiGate-6000 experiences a link failure, its status in the cluster does not change. However, in future negotiations FortiGate-6000 with a link failure is less likely to become the primary FortiGate-6000.
If one of the FortiGate-6000s experiences an FPC failure and the other experiences a link failure, the FortiGate-6000 with the most operating FPCs becomes the primary FortiGate-6000, even if it is also experiencing a link failure.