When configuring FortiGate-7000 HA, if you want one of the FortiGate-7000s to always become the primary FortiGate-7000 you can enable
override on that FortiGate-7000. For
override to be effective, you must also set the device priority highest on this FortiGate-7000.
To enable override and increase device priority:
config system ha
set override enable
set priority 200
The FortiGate-7000 with override enabled and the highest device priority always becomes the primary FortiGate-7000.
In most cases, with override enabled the cluster will negotiate more often. For example, with override enabled it is more likely that changes to the secondary FortiGate-7000 may cause the cluster to negotiate. More frequent negotiation can lead to more traffic disruptions.
This section highlights some aspects of primary FortiGate-7000 selection. For more details about how this works, see HA override.
override changes the order of primary FortiGate-7000 selection. As shown below, if
override is enabled, primary FortiGate-7000 selection considers device priority before age and serial number. This means that if you set the device priority higher on one FortiGate-7000, with
override enabled this FortiGate-7000 becomes the primary FortiGate-7000 even if its age and serial number are lower.
Similar to when
override is disabled, when
override is enabled primary FortiGate-7000 selection checks for operating modules and connected monitored interfaces first. So if interface monitoring is enabled, the FortiGate-7000 with the most disconnected monitored interfaces cannot become the primary FortiGate-7000, even if this FortiGate-7000 has the highest device priority.