Fortinet Document Library

Version:


Table of Contents

OpenStack Administration Guide

7.0.0
Download PDF
Copy Link

Verifying HA cluster status

On a FortiGate-VM in an HA cluster, you can use the following command to verify the status of the cluster:

fgt-vm # diagnose sys ha status

HA information

Statistics

traffic.local = s:0 p:42311 b:9008646

traffic.total = s:0 p:42316 b:9009528

activity.fdb = c:0 q:0

Model=80008, Mode=2 Group=0 Debug=0

nvcluster=1, ses_pickup=0, delay=0

[Debug_Zone HA information]

HA group member information: is_manage_master=1.

FGVM080000109643: Master, serialno_prio=0, usr_priority=128, hostname=fgt-vm

FGVM080000103268: Slave, serialno_prio=1, usr_priority=128, hostname=fgt-vm

[Kernel HA information]

vcluster 1, state=work, master_ip=169.254.0.1, master_id=0:

FGVM080000109643: Master, ha_prio/o_ha_prio=0/0

FGVM080000103268: Slave, ha_prio/o_ha_prio=1/1

The following command shows similar information:

fgt-vm # get system ha status

HA Health Status: OK

Model: FortiGate-VM64-KVM

Mode: HA A-P

Group: 0

Debug: 0

Cluster Uptime: 0 days 02:04:26

Cluster state change time: 2017-09-01 03:08:19

Master selected using:

<2017/09/01 03:08:19> FGVM080000109643 is selected as the master because it has the largest value of serialno.

ses_pickup: disable

override: disable

Configuration Status:

FGVM080000109643(updated 2 seconds ago): in-sync

FGVM080000103268(updated 0 seconds ago): out-of-sync

System Usage stats:

FGVM080000109643(updated 2 seconds ago):

sessions=4, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=55%

FGVM080000103268(updated 0 seconds ago):

sessions=0, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=54%

HBDEV stats:

FGVM080000109643(updated 2 seconds ago):

port4: physical/10000full, up, rx-bytes/packets/dropped/errors=15043566/61878/0/0, tx=158364378/146977/0/0

FGVM080000103268(updated 0 seconds ago):

port4: physical/10000full, up, rx-bytes/packets/dropped/errors=29442835/61625/49/0, tx=25246662/68626/0/0

MONDEV stats:

FGVM080000109643(updated 2 seconds ago):

port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1892/8/0/0, tx=173710/307/0/0

FGVM080000103268(updated 0 seconds ago):

port2: physical/10000full, up, rx-bytes/packets/dropped/errors=174390/306/0/0, tx=2352/13/0/0

Master: fgt-vm , FGVM080000109643

Slave : fgt-vm , FGVM080000103268

number of vcluster: 1

vcluster 1: work 169.254.0.1

Master:0 FGVM080000109643

Slave :1 FGVM080000103268

The command diagnose system ha checksum show shows whether the configurations of the FortiGate-VMs in the cluster are synchronized. If the configurations are synchronized, both sets of checksums should match.

fgt-vm # diagnose sys ha checksum show

is_manage_master()=1, is_root_master()=1

debugzone

global: 33 6f ee 5b 78 a5 22 84 39 ec 36 d3 1c 54 7c 78

root: 40 0d fb 04 12 41 df ad f1 64 14 03 ff ec f5 01

all: d3 2f 6f bb a6 e7 77 db 27 75 81 b2 94 f3 fd 68

checksum

global: 33 6f ee 5b 78 a5 22 84 39 ec 36 d3 1c 54 7c 78

root: 40 0d fb 04 12 41 df ad f1 64 14 03 ff ec f5 01

all: d3 2f 6f bb a6 e7 77 db 27 75 81 b2 94 f3 fd 68

If the checksums do not match, you can use the diagnose sys ha checksum show and diagnose sys ha checksum show global commands to show more detailed checksum results. The following example shows the first few lines of output of the diagnose sys ha checksum show global command:

diagnose sys ha checksum show global

system.global: 2c79958c132639dfe61ab782a2f213ec

system.accprofile: 7d79452c78377be2616149264a18fd5c

system.vdom-link: 00000000000000000000000000000000

wireless-controller.inter-controller: 00000000000000000000000000000000

wireless-controller.global: 00000000000000000000000000000000

wireless-controller.vap: 00000000000000000000000000000000

system.switch-interface: 00000000000000000000000000000000

system.interface: 8690699bc33c7c15b20e017876cf1e37

...

If the configurations are synchronized, all the checksums displayed using these commands from both FortiGate-VMs should match. If they do not, you can use the output to see what parts of the configuration are not synchronized.

Verifying HA cluster status

On a FortiGate-VM in an HA cluster, you can use the following command to verify the status of the cluster:

fgt-vm # diagnose sys ha status

HA information

Statistics

traffic.local = s:0 p:42311 b:9008646

traffic.total = s:0 p:42316 b:9009528

activity.fdb = c:0 q:0

Model=80008, Mode=2 Group=0 Debug=0

nvcluster=1, ses_pickup=0, delay=0

[Debug_Zone HA information]

HA group member information: is_manage_master=1.

FGVM080000109643: Master, serialno_prio=0, usr_priority=128, hostname=fgt-vm

FGVM080000103268: Slave, serialno_prio=1, usr_priority=128, hostname=fgt-vm

[Kernel HA information]

vcluster 1, state=work, master_ip=169.254.0.1, master_id=0:

FGVM080000109643: Master, ha_prio/o_ha_prio=0/0

FGVM080000103268: Slave, ha_prio/o_ha_prio=1/1

The following command shows similar information:

fgt-vm # get system ha status

HA Health Status: OK

Model: FortiGate-VM64-KVM

Mode: HA A-P

Group: 0

Debug: 0

Cluster Uptime: 0 days 02:04:26

Cluster state change time: 2017-09-01 03:08:19

Master selected using:

<2017/09/01 03:08:19> FGVM080000109643 is selected as the master because it has the largest value of serialno.

ses_pickup: disable

override: disable

Configuration Status:

FGVM080000109643(updated 2 seconds ago): in-sync

FGVM080000103268(updated 0 seconds ago): out-of-sync

System Usage stats:

FGVM080000109643(updated 2 seconds ago):

sessions=4, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=55%

FGVM080000103268(updated 0 seconds ago):

sessions=0, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=54%

HBDEV stats:

FGVM080000109643(updated 2 seconds ago):

port4: physical/10000full, up, rx-bytes/packets/dropped/errors=15043566/61878/0/0, tx=158364378/146977/0/0

FGVM080000103268(updated 0 seconds ago):

port4: physical/10000full, up, rx-bytes/packets/dropped/errors=29442835/61625/49/0, tx=25246662/68626/0/0

MONDEV stats:

FGVM080000109643(updated 2 seconds ago):

port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1892/8/0/0, tx=173710/307/0/0

FGVM080000103268(updated 0 seconds ago):

port2: physical/10000full, up, rx-bytes/packets/dropped/errors=174390/306/0/0, tx=2352/13/0/0

Master: fgt-vm , FGVM080000109643

Slave : fgt-vm , FGVM080000103268

number of vcluster: 1

vcluster 1: work 169.254.0.1

Master:0 FGVM080000109643

Slave :1 FGVM080000103268

The command diagnose system ha checksum show shows whether the configurations of the FortiGate-VMs in the cluster are synchronized. If the configurations are synchronized, both sets of checksums should match.

fgt-vm # diagnose sys ha checksum show

is_manage_master()=1, is_root_master()=1

debugzone

global: 33 6f ee 5b 78 a5 22 84 39 ec 36 d3 1c 54 7c 78

root: 40 0d fb 04 12 41 df ad f1 64 14 03 ff ec f5 01

all: d3 2f 6f bb a6 e7 77 db 27 75 81 b2 94 f3 fd 68

checksum

global: 33 6f ee 5b 78 a5 22 84 39 ec 36 d3 1c 54 7c 78

root: 40 0d fb 04 12 41 df ad f1 64 14 03 ff ec f5 01

all: d3 2f 6f bb a6 e7 77 db 27 75 81 b2 94 f3 fd 68

If the checksums do not match, you can use the diagnose sys ha checksum show and diagnose sys ha checksum show global commands to show more detailed checksum results. The following example shows the first few lines of output of the diagnose sys ha checksum show global command:

diagnose sys ha checksum show global

system.global: 2c79958c132639dfe61ab782a2f213ec

system.accprofile: 7d79452c78377be2616149264a18fd5c

system.vdom-link: 00000000000000000000000000000000

wireless-controller.inter-controller: 00000000000000000000000000000000

wireless-controller.global: 00000000000000000000000000000000

wireless-controller.vap: 00000000000000000000000000000000

system.switch-interface: 00000000000000000000000000000000

system.interface: 8690699bc33c7c15b20e017876cf1e37

...

If the configurations are synchronized, all the checksums displayed using these commands from both FortiGate-VMs should match. If they do not, you can use the output to see what parts of the configuration are not synchronized.