Handbook

Restoring a disconnected FortiGate

6.0.0
Restoring a disconnected FortiGate

If you disconnect a FortiGate from a cluster, you can re-connect the disconnected FortiGate to the cluster by setting the HA mode of the disconnected unit to match the HA mode of the cluster. Usually the disconnected unit rejoins the cluster as a subordinate unit and the cluster automatically synchronizes its configuration.

Note: You do not have to change the HA password on the disconnected unit unless the HA password has been changed after the unit was disconnected. Disconnecting a unit from a cluster does not change the HA password.

Caution: You should make sure that the device priority of the disconnected unit is lower than the device priority of the current primary unit. You should also make sure that the HA override CLI option is not enabled on the disconnected unit. Otherwise, when the disconnected unit joins the cluster, the cluster will renegotiate and the disconnected unit may become the primary unit. If this happens, the configuration of the disconnected unit is synchronized to all other cluster units. This configuration change might disrupt the operation of the cluster.

The following procedure assumes that the disconnected FortiGate is correctly physically connected to your network and to the cluster but is not running in HA mode and not part of the cluster.

Before you start this procedure you should note the device priority of the primary unit.

To add a disconnected FortiGate back to its cluster - GUI
  1. Log into the disconnected FortiGate.

    If virtual domains are enabled, log in as the admin administrator and select Global Configuration.

  2. Go to System > HA.
  3. Change Mode to match the mode of the cluster.
  4. If required, change the group name and password to match the cluster.
  5. Set the Device Priority lower than the device priority of the primary unit.
  6. Select OK.

    The disconnected FortiGate joins the cluster.

To add a disconnected FortiGate back to its cluster - CLI
  1. Log into the CLI of the FortiGate to be added back to the cluster.
  2. Enter the following command to access the global configuration and add the FortiGate back to a cluster operating in active-passive mode and set the device priority to 50 (a low number) so that this unit will not become the primary unit:

    config global
        config system ha
            set mode a-p
            set priority 50
        end
    end

    You may also have to change the group name, group ID and password. However, if you have not changed these for the cluster or the FortiGate after it was disconnected from the cluster, you should not have to adjust them now.
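
The following pre-join check is an added example, not Fortinet code: it layers the planned CLI change over the disconnected unit's current HA settings and compares the result with the primary unit against the conditions in the caution above. The `show system ha` text, the cluster name and priorities are constructed samples, and the default values for omitted settings (priority 128, override disabled) are assumptions; the HA password is not compared.

```python
import re

# Assumed FortiOS defaults for settings `show system ha` omits when unchanged.
HA_DEFAULTS = {"mode": "standalone", "priority": "128", "override": "disable",
               "group-name": "", "group-id": "0"}

def parse_ha(text):
    """Return the `set key value` pairs inside the `config system ha` block."""
    found, in_block = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "config system ha":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block and (m := re.match(r"set (\S+) (.+)", line)):
            found[m.group(1)] = m.group(2).strip('"')
    return found

def effective(*blocks):
    """Layer config blocks over the defaults, later blocks winning."""
    merged = dict(HA_DEFAULTS)
    for block in blocks:
        merged.update(parse_ha(block))
    return merged

def rejoin_problems(primary, rejoining):
    """List the rejoin conditions that the rejoining unit violates."""
    problems = [f"{k} differs from cluster"
                for k in ("mode", "group-name", "group-id")
                if rejoining[k] != primary[k]]
    if int(rejoining["priority"]) >= int(primary["priority"]):
        problems.append("priority not lower than primary")
    if rejoining["override"] == "enable":
        problems.append("override enabled")
    return problems

# Constructed sample output, not captured from real devices.
PRIMARY = """config system ha
    set group-id 7
    set group-name "example-cluster"
    set mode a-p
    set priority 200
end"""
DISCONNECTED = """config system ha
    set group-id 7
    set group-name "example-cluster"
    set override enable
end"""
PLANNED = "config global\nconfig system ha\nset mode a-p\nset priority 50\nend\nend"
print(rejoin_problems(effective(PRIMARY), effective(DISCONNECTED, PLANNED)))
```

With the sample data, the planned change alone still leaves override enabled on the rejoining unit, so the check reports it before the unit is put back into HA mode.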
