Fortinet black logo

FortiGate-7000F Handbook

Link failure

Copy Link
Copy Doc ID fd130345-bc33-11ec-9fd1-fa163e15d75b:537702
Download PDF

Link failure

If your HA configuration includes HA interface monitoring, if a primary FortiGate-7000F interface fails or is disconnected while a cluster is operating, a link failure occurs. When a link failure occurs, the FortiGate-7000Fs in the cluster negotiate to select a new primary FortiGate-7000F. The link failure means that a that primary FortiGate-7000F with the most link failures will become the secondary and the FortiGate-7000F with the fewest link failures becomes the primary FortiGate-7000F.

Just as for a device failover, the new primary FortiGate-7000F sends gratuitous arp packets out all of its connected interfaces to inform attached switches to send traffic to it. Sessions then resume with the new primary FortiGate-7000F.

If the secondary FortiGate-7000F experiences a link failure, its status in the cluster does not change. However, in future negotiations a FortiGate-7000F with a link failure is less likely to become the primary FortiGate-7000F.

If one of the FortiGate-7000Fs experiences an FIM or FPM failure and the other experiences a link failure, the FortiGate-7000F with the most operating FIMs or FPMs becomes the primary FortiGate-7000F, even if it is also experiencing a link failure.

Link failure

If your HA configuration includes HA interface monitoring, if a primary FortiGate-7000F interface fails or is disconnected while a cluster is operating, a link failure occurs. When a link failure occurs, the FortiGate-7000Fs in the cluster negotiate to select a new primary FortiGate-7000F. The link failure means that a that primary FortiGate-7000F with the most link failures will become the secondary and the FortiGate-7000F with the fewest link failures becomes the primary FortiGate-7000F.

Just as for a device failover, the new primary FortiGate-7000F sends gratuitous arp packets out all of its connected interfaces to inform attached switches to send traffic to it. Sessions then resume with the new primary FortiGate-7000F.

If the secondary FortiGate-7000F experiences a link failure, its status in the cluster does not change. However, in future negotiations a FortiGate-7000F with a link failure is less likely to become the primary FortiGate-7000F.

If one of the FortiGate-7000Fs experiences an FIM or FPM failure and the other experiences a link failure, the FortiGate-7000F with the most operating FIMs or FPMs becomes the primary FortiGate-7000F, even if it is also experiencing a link failure.