If one or more FPCs in the primary FortiGate-6000 fails, the cluster renegotiates and the FortiGate-6000 with the most operating FPCs becomes the primary FortiGate-6000. An FPC failure can occur if an FPC shuts down due to a software crash or hardware problem, or if the FPC is manually shut down.
FPCs also shut down if two of the three FortiGate-6000 power supply units (PSUs) become disconnected from their power source. The FortiGate-6000 includes three hot-swappable PSUs in a 2+1 redundant configuration. At least two of the PSUs must be operating to provide power to the FortiGate-6000. If only one PSU is operating, only four of the FPCs will continue running (usually the FPCs in slots 1 to 4). For more information about FPC failure with power loss, see AC power supply units (PSUs).
To prevent multiple failovers, if an FPC failure occurs in an HA cluster with override enabled, you should disable override until you can fix the problems and get all the FPCs up and running and synchronized.
After an FPC failure, sessions and configuration changes are not synchronized to the failed FPCs.
If failed FPCs recover in the secondary FortiGate-6000, it will continue to operate as the secondary FortiGate-6000 and will attempt to resynchronize the FPCs with the management board. This process may take a few minutes, but if it is successful, the secondary FortiGate-6000 can return to fully participate in the cluster.
If there have been many configuration changes, the FPCs need to be manually synchronized with the management board. Log into the CLI of each out of synch FPC and enter the
execute factoryreset command to reset the configuration. After the FPC restarts, the management board will attempt to synchronize the configuration of the FPC. If the configuration synchronization is successful, the FPC can start processing traffic again.
If there has been a firmware upgrade, and the firmware running on a failed FPC is out of date, you can upgrade the firmware of the FPC as described in the section: Installing firmware on an individual FortiGate-6000 FPC.
You can optionally use the following command to make sure the sessions on the FPCs in the secondary FortiGate-6000 are synchronized with the sessions on the FPCs in the primary FortiGate-6000.
diagnose test application chlbd 10
Once all of the FPCs are operating and synchronized, the secondary FortiGate-6000 can fully participate with the cluster.