Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 7.4.11 Administration Guide
    7.4.11
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    Replacing a failed cluster unit

    Replacing a failed cluster unit

    This procedure describes how to safely remove a failed unit from a FortiGate HA cluster and integrate a replacement (or a repaired) unit. These steps ensure the cluster remains stable and the new unit does not inadvertently take over as the primary unit before it is ready. This process does not interrupt cluster operations unless network cabling changes are required to accommodate the new hardware.

    Prerequisites for the replacement unit

    The replacement or repaired unit must meet these strict criteria to successfully join the cluster:

    • Hardware consistency: You must maintain identical hardware configurations across all cluster members, including the same model, generation, RAM, and number of hard disks/SSDs.

    • Firmware build: The replacement must run the exact same firmware build as the active cluster.

    • Licensing: All units must have the same level of licensing.

    • Operating mode: The unit must be in the same mode (NAT or Transparent) as the cluster.

    • VDOM mode: The unit must be in single VDOM mode initially.

    • Certificates: You may install third-party certificates on the primary unit before forming the cluster; these will synchronize to the replacement unit once it joins.

    Step 1: Prepare for removal (failover check)

    Before physically disconnecting the failed unit, you must confirm the status of the cluster:

    • Check cluster health: Ensure the remaining unit is healthy and has taken over all traffic.

    • Manual failover: If the "failed" unit is still partially responsive or acting as the primary unit, manually trigger a failover (by adjusting HA priority or disconnecting its heartbeat interface) to ensure the healthy unit is the primary before you remove the hardware. This prevents traffic drops during the physical swap.

    • Physical disconnection: Once the healthy unit is confirmed as primary, disconnect the failed unit from both the cluster heartbeat and the network.

    Step 2: RMA transfer and registration

    If you are replacing a unit through RMA, you must transfer the registration and services so the new unit can access the correct licenses.

    1. Log in to the FortiCloud Support portal.

    2. Go to Products > Product List and select the Serial Number (or HA vSN) of the failed unit.

    3. In the Registration widget, click RMA Transfer.

    4. Enter the serial number of the new replacement unit and complete the wizard.

    5. Register and apply any specific license keys to the replacement unit to match the cluster's licensing level.

    Step 3: Configure the replacement unit (ensure secondary status)

    To prevent the new unit from accidentally becoming the primary unit and over-writing your production config with a blank one, follow this safety-first configuration:

    1. Isolate the unit: Perform the initial configuration using the Console or Management port while the unit is not connected to the network.

    2. Set low priority: Set the HA priority of the replacement unit to a value significantly lower than the existing primary. (For example, set the primary to 200 and the replacement to 100.)

    3. Match HA Settings: Configure the HA group ID, group name, and password to match the existing cluster.

    4. Override disabled: Ensure set override disable is configured in the HA settings. This ensures the unit with the longest uptime (the existing primary) remains the leader.

    5. Mode sync: If the cluster is in transparent mode, you must switch the replacement unit to transparent mode using the CLI/GUI before connecting it to the cluster to avoid broadcast loops or traffic interruptions.

    Step 4: Connect the replacement

    1. Cabling: Connect the heartbeat (HA) interfaces first.

    2. Power on: Turn on the replacement unit.

    3. Monitor synchronization: Use the command get system ha status on the primary to see the new unit join.

    4. Data cables: Once the units are in sync (the Configuration Status shows as in-sync), connect the remaining data/network cables. The cluster will automatically synchronize the configuration from the primary to the replacement unit.

    Previous
    Next

    Replacing a failed cluster unit

    Replacing a failed cluster unit

    This procedure describes how to safely remove a failed unit from a FortiGate HA cluster and integrate a replacement (or a repaired) unit. These steps ensure the cluster remains stable and the new unit does not inadvertently take over as the primary unit before it is ready. This process does not interrupt cluster operations unless network cabling changes are required to accommodate the new hardware.

    Prerequisites for the replacement unit

    The replacement or repaired unit must meet these strict criteria to successfully join the cluster:

    • Hardware consistency: You must maintain identical hardware configurations across all cluster members, including the same model, generation, RAM, and number of hard disks/SSDs.

    • Firmware build: The replacement must run the exact same firmware build as the active cluster.

    • Licensing: All units must have the same level of licensing.

    • Operating mode: The unit must be in the same mode (NAT or Transparent) as the cluster.

    • VDOM mode: The unit must be in single VDOM mode initially.

    • Certificates: You may install third-party certificates on the primary unit before forming the cluster; these will synchronize to the replacement unit once it joins.

    Step 1: Prepare for removal (failover check)

    Before physically disconnecting the failed unit, you must confirm the status of the cluster:

    • Check cluster health: Ensure the remaining unit is healthy and has taken over all traffic.

    • Manual failover: If the "failed" unit is still partially responsive or acting as the primary unit, manually trigger a failover (by adjusting HA priority or disconnecting its heartbeat interface) to ensure the healthy unit is the primary before you remove the hardware. This prevents traffic drops during the physical swap.

    • Physical disconnection: Once the healthy unit is confirmed as primary, disconnect the failed unit from both the cluster heartbeat and the network.

    Step 2: RMA transfer and registration

    If you are replacing a unit through RMA, you must transfer the registration and services so the new unit can access the correct licenses.

    1. Log in to the FortiCloud Support portal.

    2. Go to Products > Product List and select the Serial Number (or HA vSN) of the failed unit.

    3. In the Registration widget, click RMA Transfer.

    4. Enter the serial number of the new replacement unit and complete the wizard.

    5. Register and apply any specific license keys to the replacement unit to match the cluster's licensing level.

    Step 3: Configure the replacement unit (ensure secondary status)

    To prevent the new unit from accidentally becoming the primary unit and over-writing your production config with a blank one, follow this safety-first configuration:

    1. Isolate the unit: Perform the initial configuration using the Console or Management port while the unit is not connected to the network.

    2. Set low priority: Set the HA priority of the replacement unit to a value significantly lower than the existing primary. (For example, set the primary to 200 and the replacement to 100.)

    3. Match HA Settings: Configure the HA group ID, group name, and password to match the existing cluster.

    4. Override disabled: Ensure set override disable is configured in the HA settings. This ensures the unit with the longest uptime (the existing primary) remains the leader.

    5. Mode sync: If the cluster is in transparent mode, you must switch the replacement unit to transparent mode using the CLI/GUI before connecting it to the cluster to avoid broadcast loops or traffic interruptions.

    Step 4: Connect the replacement

    1. Cabling: Connect the heartbeat (HA) interfaces first.

    2. Power on: Turn on the replacement unit.

    3. Monitor synchronization: Use the command get system ha status on the primary to see the new unit join.

    4. Data cables: Once the units are in sync (the Configuration Status shows as in-sync), connect the remaining data/network cables. The cluster will automatically synchronize the configuration from the primary to the replacement unit.

    Previous
    Next