If one or more FPMs in the primary FortiGate-7000 fails, the cluster renegotiates and the FortiGate-7000 with the most operating FPMs becomes the primary FortiGate-7000. An FPM failure can occur if the FPM shuts down due to a software crash or hardware problem, or if the FPM is manually shut down or even removed from the chassis.
After the primary FortiGate-7000 experiences an FIM failure, the FortiGate-7000 with the most operating FPMs becomes the new primary FortiGate-7000. The new primary FortiGate-7000 sends gratuitous arp packets out all of its connected interfaces to inform attached switches to send traffic to it. Sessions then resume with the new primary FortiGate-7000.
If the secondary FortiGate-7000 experiences an FPM failure, its status in the cluster does not change. However, in future negotiations the FortiGate-7000 with an FPM failure is less likely to become the primary FortiGate-7000.