Fortinet black logo

FortiGate-7000E Handbook

Home FortiGate-7000 6.0.15 FortiGate-7000E Handbook

Primary FortiGate-7000E selection and override

6.0.15
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
Copy Link
Copy Doc ID c31515a1-64fa-11ed-96f0-fa163e15d75b:174111
Download PDF

Primary FortiGate-7000E selection and override

When configuring FortiGate-7000E HA, if you want one of the FortiGate-7000Es to always become the primary FortiGate-7000E you can enable override on that FortiGate-7000E. For override to be effective, you must also set the device priority highest on this FortiGate-7000E.

To enable override and increase device priority:

config system ha

set override enable

set priority 200

end

The FortiGate-7000E with override enabled and the highest device priority always becomes the primary FortiGate-7000E.

In most cases, with override enabled the cluster will negotiate more often. For example, with override enabled it is more likely that changes to the secondary FortiGate-7000E may cause the cluster to negotiate. More frequent negotiation can lead to more traffic disruptions.

This section highlights some aspects of primary FortiGate-7000E selection. For more details about how this works, see HA override.

Enabling override changes primary FortiGate-7000E selection

Enabling override changes the order of primary FortiGate-7000E selection. As shown below, if override is enabled, primary FortiGate-7000E selection considers device priority before age and serial number. This means that if you set the device priority higher on one FortiGate-7000E, with override enabled this FortiGate-7000E becomes the primary FortiGate-7000E even if its age and serial number are lower.

Similar to when override is disabled, when override is enabled primary FortiGate-7000E selection checks for operating modules and connected monitored interfaces first. So if interface monitoring is enabled, the FortiGate-7000E with the most disconnected monitored interfaces cannot become the primary FortiGate-7000E, even if this FortiGate-7000E has the highest device priority.

Previous
Next

Primary FortiGate-7000E selection and override

When configuring FortiGate-7000E HA, if you want one of the FortiGate-7000Es to always become the primary FortiGate-7000E you can enable override on that FortiGate-7000E. For override to be effective, you must also set the device priority highest on this FortiGate-7000E.

To enable override and increase device priority:

config system ha

set override enable

set priority 200

end

The FortiGate-7000E with override enabled and the highest device priority always becomes the primary FortiGate-7000E.

In most cases, with override enabled the cluster will negotiate more often. For example, with override enabled it is more likely that changes to the secondary FortiGate-7000E may cause the cluster to negotiate. More frequent negotiation can lead to more traffic disruptions.

This section highlights some aspects of primary FortiGate-7000E selection. For more details about how this works, see HA override.

Enabling override changes primary FortiGate-7000E selection

Enabling override changes the order of primary FortiGate-7000E selection. As shown below, if override is enabled, primary FortiGate-7000E selection considers device priority before age and serial number. This means that if you set the device priority higher on one FortiGate-7000E, with override enabled this FortiGate-7000E becomes the primary FortiGate-7000E even if its age and serial number are lower.

Similar to when override is disabled, when override is enabled primary FortiGate-7000E selection checks for operating modules and connected monitored interfaces first. So if interface monitoring is enabled, the FortiGate-7000E with the most disconnected monitored interfaces cannot become the primary FortiGate-7000E, even if this FortiGate-7000E has the highest device priority.

Previous
Next