
FortiGate-7000 Handbook

Primary FortiGate-7000 selection and override


When configuring FortiGate-7000 HA, if you want one of the FortiGate-7000s to always become the primary FortiGate-7000, you can enable override on that FortiGate-7000. For override to be effective, you must also set the highest device priority on this FortiGate-7000.

To enable override and increase device priority:

config system ha
    set override enable
    set priority 200
end

The FortiGate-7000 with override enabled and the highest device priority always becomes the primary FortiGate-7000.

In most cases, with override enabled the cluster will negotiate more often. For example, with override enabled it is more likely that changes to the secondary FortiGate-7000 may cause the cluster to negotiate. More frequent negotiation can lead to more traffic disruptions.

This section highlights some aspects of primary FortiGate-7000 selection. For more details about how this works, see HA override.

Enabling override changes primary FortiGate-7000 selection

Enabling override changes the order of primary FortiGate-7000 selection. As shown below, if override is enabled, primary FortiGate-7000 selection considers device priority before age and serial number. This means that if you set the device priority higher on one FortiGate-7000, with override enabled this FortiGate-7000 becomes the primary FortiGate-7000 even if its age and serial number are lower.

Similar to when override is disabled, when override is enabled primary FortiGate-7000 selection checks for operating FIMs and connected monitored interfaces first. So if interface monitoring is enabled, the FortiGate-7000 with the most disconnected monitored interfaces cannot become the primary FortiGate-7000, even if this FortiGate-7000 has the highest device priority.
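
The selection order described above can be modeled as a sort key. The following is an added example, not Fortinet code: the Chassis fields, the sample values and the serial numbers are constructed, override is treated as a single cluster-wide flag, and age is compared directly as a simplification.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Chassis:
    name: str
    operating_fims: int       # FIMs currently operating
    monitored_links_up: int   # connected monitored interfaces
    priority: int             # value of "set priority"
    age: int                  # uptime in seconds (simplified)
    serial: str               # constructed placeholder serial number


def selection_key(unit: Chassis, override: bool) -> tuple:
    # Health checks always come first, with or without override.
    health = (unit.operating_fims, unit.monitored_links_up)
    # Override swaps the order of device priority and age.
    if override:
        tie_break = (unit.priority, unit.age)
    else:
        tie_break = (unit.age, unit.priority)
    # Serial number is the final tie-breaker in both cases.
    return health + tie_break + (unit.serial,)


def select_primary(units, override: bool) -> Chassis:
    # The unit with the greatest key becomes the primary.
    return max(units, key=lambda u: selection_key(u, override))


# Constructed sample cluster: A has the higher priority, B has the higher age.
CHASSIS_A = Chassis("A", 2, 4, 200, 100, "SN-EXAMPLE-0001")
CHASSIS_B = Chassis("B", 2, 4, 128, 5000, "SN-EXAMPLE-0002")
# Same as A, but with one monitored interface disconnected.
CHASSIS_A_DEGRADED = replace(CHASSIS_A, monitored_links_up=3)

if __name__ == "__main__":
    for label, cluster, override in [
        ("override disabled", [CHASSIS_A, CHASSIS_B], False),
        ("override enabled", [CHASSIS_A, CHASSIS_B], True),
        ("override enabled, A link down", [CHASSIS_A_DEGRADED, CHASSIS_B], True),
    ]:
        print(label, "->", select_primary(cluster, override).name)
```

In the third case the higher-priority unit loses the selection because monitored interface state is checked before device priority.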
