Fortinet black logo

FortiGate-7000F Handbook

Primary FortiGate-7000F selection with override disabled (default)

Copy Link
Copy Doc ID f2d4ea6c-35c4-11ed-9d74-fa163e15d75b:248515
Download PDF

Primary FortiGate-7000F selection with override disabled (default)

FortiGate-7000F FGCP selects the primary FortiGate-7000F based on standard FGCP primary unit selection and also accounting for the number of failed FPMs. The selection sequence is:

  • set-as-master/set-as-slave
  • At least one active FPM
  • Failed FIMs
  • Failed monitored interfaces
  • Failed FPMs
  • Age
  • Device priority
  • Serial number

In most cases and with default settings, if everything is connected and operating normally, the FortiGate-7000F with the highest serial number becomes the primary FortiGate-7000F. You can set the device priority higher on one of the FortiGate-7000Fs if you want it to become the primary FortiGate-7000F.

The selection sequence also shows that at least one FPM must be active for a FortiGate-7000F to be selected to be the primary. If at least one FPM is active on each FortiGate-7000F, the most important criteria is the number of operating FIMs, followed by the number of connected monitored interfaces, and followed by the number of failed FPMs. So if one or more FPMs fail, if both FIMs are operating and if monitored interfaces are not configured or no monitored interface has become disconnected, the primary FortiGate-7000F will be the one with the most active FPMs.

Primary FortiGate-7000F selection with override disabled (default)

FortiGate-7000F FGCP selects the primary FortiGate-7000F based on standard FGCP primary unit selection and also accounting for the number of failed FPMs. The selection sequence is:

  • set-as-master/set-as-slave
  • At least one active FPM
  • Failed FIMs
  • Failed monitored interfaces
  • Failed FPMs
  • Age
  • Device priority
  • Serial number

In most cases and with default settings, if everything is connected and operating normally, the FortiGate-7000F with the highest serial number becomes the primary FortiGate-7000F. You can set the device priority higher on one of the FortiGate-7000Fs if you want it to become the primary FortiGate-7000F.

The selection sequence also shows that at least one FPM must be active for a FortiGate-7000F to be selected to be the primary. If at least one FPM is active on each FortiGate-7000F, the most important criteria is the number of operating FIMs, followed by the number of connected monitored interfaces, and followed by the number of failed FPMs. So if one or more FPMs fail, if both FIMs are operating and if monitored interfaces are not configured or no monitored interface has become disconnected, the primary FortiGate-7000F will be the one with the most active FPMs.