Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-7000 Release Notes

FortiGate-6000 HA, FPCs, and power failure

In a FortiGate-6000 HA cluster, if the FPCs in the primary FortiGate-6000 shut down because two of the power supplies fail or become disconnected from power, the cluster renegotiates and the FortiGate-6000 with the most operating FPCs becomes the primary FortiGate-6000.

If the FPCs in the secondary FortiGate-6000 shut down because two power supplies have failed or disconnected, its status in the cluster does not change. In future cluster negotiations the FortiGate-6000 with shut down FPCs is less likely to become the primary FortiGate-6000.

Caution

To prevent multiple failovers, if an FPC failure occurs in an HA cluster with override enabled, you should disable override until you can fix the problems and get all the FPCs up and running and synchronized.

After an FPC failure, sessions and configuration changes are not synchronized to the failed FPCs.

If failed FPCs recover in the secondary FortiGate-6000, it will continue to operate as the secondary FortiGate-6000 and will attempt to re-synchronze the FPCs with the management board. This process may take a few minutes, but if it is successful, the secondary FortiGate-6000 can return to fully participate in the cluster.

If there have been many configuration changes, the FPCs need to be manually synchronized with the management board. Log into the CLI of each out of synch FPC and enter the execute factoryreset command to reset the configuration. After the FPC restarts, the management board will attempt to synchronize the configuration of the FPC. If the configuration synchronization is successful, the FPC can start processing traffic again.

If there has been a firmware upgrade, and the firmware running on a failed FPC is out of date, you can upgrade the firmware of the FPC as described in the section: Installing firmware on an individual FPC.

You can optionally use the following command to make sure the sessions on the FPCs in the secondary FortiGate-6000 are synchronized with the sessions on the FPCs in the primary FortiGate-6000.

diagnose test application chlbd 10

Once all of the FPCs are operating and synchronized, the secondary FortiGate-6000 can fully participate with the cluster.

 

FortiGate-6000 HA, FPCs, and power failure

In a FortiGate-6000 HA cluster, if the FPCs in the primary FortiGate-6000 shut down because two of the power supplies fail or become disconnected from power, the cluster renegotiates and the FortiGate-6000 with the most operating FPCs becomes the primary FortiGate-6000.

If the FPCs in the secondary FortiGate-6000 shut down because two power supplies have failed or disconnected, its status in the cluster does not change. In future cluster negotiations the FortiGate-6000 with shut down FPCs is less likely to become the primary FortiGate-6000.

Caution

To prevent multiple failovers, if an FPC failure occurs in an HA cluster with override enabled, you should disable override until you can fix the problems and get all the FPCs up and running and synchronized.

After an FPC failure, sessions and configuration changes are not synchronized to the failed FPCs.

If failed FPCs recover in the secondary FortiGate-6000, it will continue to operate as the secondary FortiGate-6000 and will attempt to re-synchronze the FPCs with the management board. This process may take a few minutes, but if it is successful, the secondary FortiGate-6000 can return to fully participate in the cluster.

If there have been many configuration changes, the FPCs need to be manually synchronized with the management board. Log into the CLI of each out of synch FPC and enter the execute factoryreset command to reset the configuration. After the FPC restarts, the management board will attempt to synchronize the configuration of the FPC. If the configuration synchronization is successful, the FPC can start processing traffic again.

If there has been a firmware upgrade, and the firmware running on a failed FPC is out of date, you can upgrade the firmware of the FPC as described in the section: Installing firmware on an individual FPC.

You can optionally use the following command to make sure the sessions on the FPCs in the secondary FortiGate-6000 are synchronized with the sessions on the FPCs in the primary FortiGate-6000.

diagnose test application chlbd 10

Once all of the FPCs are operating and synchronized, the secondary FortiGate-6000 can fully participate with the cluster.