Fortinet black logo

Administration Guide

Recovery

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:425584
Download PDF

Recovery

If high availability has been implemented and a failover has occurred, you must correct the reason for the failover before restarting your primary server.

Restart the primary server

Use Resume Control on the Summary panel to start the primary again. When you select Resume Control, critical files are copied from the secondary back to the primary and control is returned to the primary. On the FortiNAC Server, FortiNAC Control Server, and FortiNAC Control Manager appliances, the database is also copied.

If you are using high availability for a FortiNAC Control Server and FortiNAC Application Server pair and this configuration does not use a shared IP address, when failover occurs both servers failover. To return control to the primary pair, click Resume Control on the Summary panel for either of the two servers in the pair. This causes both the FortiNAC Control Server and FortiNAC Application Server in the primary pair to start again and control is returned to both servers in the primary pair.

If for any reason the database was not replicated correctly on the secondary before failover, the recovery process gives you the option of retaining the older database located on the primary.

  1. Click Bookmarks > Dashboard.
  2. Scroll to the Summary panel.
  3. Click Resume Control for the server that should resume control.
  4. The primary server restarts. Database and configuration files are copied from the secondary to the primary. Processes are started on the primary. Then the secondary server relinquishes control.

This process may take a few moments while the data is synchronized between the two servers.

Manually restart, stop or force a failover

The scripts in the table below allow you to control high availability from the CLI. Scripts to restart the primary servers vary depending on the configuration implemented. For configuration options see Primary and secondary configuration.

CLI scripts

Server type

Primary recovery

Shutdown without failover

Shutdown with failover

Shared IP address

FortiNAC Server, FortiNAC Control Server,

FortiNAC Control Manager

hsRestartCMMaster

shutdownCampusMgr

shutdownCampusMgr -kill

FortiNAC Application Server

hsRestartCMRCMaster

shutdownNessus

shutdownNessus -kill

No shared IP address

FortiNAC Control Server

hsRestartPair

(restarts both servers in the pair)

shutdownCampusMgr

shutdownCampusMgr -kill

FortiNAC Application Server

hsRestartPair

(restarts both servers in the pair)

shutdownNessus

shutdownNessus -kill

Recovery

If high availability has been implemented and a failover has occurred, you must correct the reason for the failover before restarting your primary server.

Restart the primary server

Use Resume Control on the Summary panel to start the primary again. When you select Resume Control, critical files are copied from the secondary back to the primary and control is returned to the primary. On the FortiNAC Server, FortiNAC Control Server, and FortiNAC Control Manager appliances, the database is also copied.

If you are using high availability for a FortiNAC Control Server and FortiNAC Application Server pair and this configuration does not use a shared IP address, when failover occurs both servers failover. To return control to the primary pair, click Resume Control on the Summary panel for either of the two servers in the pair. This causes both the FortiNAC Control Server and FortiNAC Application Server in the primary pair to start again and control is returned to both servers in the primary pair.

If for any reason the database was not replicated correctly on the secondary before failover, the recovery process gives you the option of retaining the older database located on the primary.

  1. Click Bookmarks > Dashboard.
  2. Scroll to the Summary panel.
  3. Click Resume Control for the server that should resume control.
  4. The primary server restarts. Database and configuration files are copied from the secondary to the primary. Processes are started on the primary. Then the secondary server relinquishes control.

This process may take a few moments while the data is synchronized between the two servers.

Manually restart, stop or force a failover

The scripts in the table below allow you to control high availability from the CLI. Scripts to restart the primary servers vary depending on the configuration implemented. For configuration options see Primary and secondary configuration.

CLI scripts

Server type

Primary recovery

Shutdown without failover

Shutdown with failover

Shared IP address

FortiNAC Server, FortiNAC Control Server,

FortiNAC Control Manager

hsRestartCMMaster

shutdownCampusMgr

shutdownCampusMgr -kill

FortiNAC Application Server

hsRestartCMRCMaster

shutdownNessus

shutdownNessus -kill

No shared IP address

FortiNAC Control Server

hsRestartPair

(restarts both servers in the pair)

shutdownCampusMgr

shutdownCampusMgr -kill

FortiNAC Application Server

hsRestartPair

(restarts both servers in the pair)

shutdownNessus

shutdownNessus -kill