Fortinet black logo

CLI Reference

ha disconnect

ha disconnect

Use this command to manually force a FortiWeb appliance to leave the HA group, without unplugging any cables. This can be useful, for example, if you need to remove a standby appliance from the HA cluster in order to configure it for standalone operation, and want to do so without disrupting traffic, and without unplugging cables.

Behavior varies by which appliance you eject:

  • Active—Failover occurs. The standby remains as a member of the HA group, and will elect itself as the new active appliance, assuming all of the HA cluster’s configured IP addresses and traffic processing duties.
  • Standby—No failover occurs. The active appliance remains actively processing traffic.

To ensure that you can re-connect to the ejected appliance’s GUI or CLI via a remote network connection (not only via its local console), this command requires that you specify an IP address and port name that will become its new management interface. By default, it will be accessible via HTTP, HTTPS, SSH, and telnet.

All other network interfaces on the ejected appliance will be brought down and reset to 0.0.0.0/0.0.0.0. To configure them, you must connect to the ejected appliance’s GUI or CLI.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

execute ha disconnect <serial-number_str> <interface_name> <interface_ipv4mask/ipv6mask>

Variable Description Default

disconnect <serial-number_str>

Enter the serial number of the FortiWeb appliance that you want to disconnect from the cluster.

To display the serial number of each appliance in the HA group, enter:

execute ha disconnect ?

No default.

<interface_name>

Enter the name of the network interface, such as port1, that will be configured as the ejected appliance’s management interface. No default.

<interface_ipv4mask/ipv6mask>

Enter the IP address and netmask that will be configured as the ejected appliance’s management interface. No default.

Example

This example ejects the standby appliance whose serial number is FV-1KC3R11111111, assigning its port1 to be the web UI interface, reachable at 192.0.2.123.

execute ha disconnect FV-1KC3R11111111 port1 192.0.2.123/24 192::2:123/64


After the command completes, to reconfigure the ejected appliance, you could then use either a web browser or SSH client to connect to 192.0.2.123 in order to reconfigure it for standalone operation.

Related topics

ha disconnect

Use this command to manually force a FortiWeb appliance to leave the HA group, without unplugging any cables. This can be useful, for example, if you need to remove a standby appliance from the HA cluster in order to configure it for standalone operation, and want to do so without disrupting traffic, and without unplugging cables.

Behavior varies by which appliance you eject:

  • Active—Failover occurs. The standby remains as a member of the HA group, and will elect itself as the new active appliance, assuming all of the HA cluster’s configured IP addresses and traffic processing duties.
  • Standby—No failover occurs. The active appliance remains actively processing traffic.

To ensure that you can re-connect to the ejected appliance’s GUI or CLI via a remote network connection (not only via its local console), this command requires that you specify an IP address and port name that will become its new management interface. By default, it will be accessible via HTTP, HTTPS, SSH, and telnet.

All other network interfaces on the ejected appliance will be brought down and reset to 0.0.0.0/0.0.0.0. To configure them, you must connect to the ejected appliance’s GUI or CLI.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

execute ha disconnect <serial-number_str> <interface_name> <interface_ipv4mask/ipv6mask>

Variable Description Default

disconnect <serial-number_str>

Enter the serial number of the FortiWeb appliance that you want to disconnect from the cluster.

To display the serial number of each appliance in the HA group, enter:

execute ha disconnect ?

No default.

<interface_name>

Enter the name of the network interface, such as port1, that will be configured as the ejected appliance’s management interface. No default.

<interface_ipv4mask/ipv6mask>

Enter the IP address and netmask that will be configured as the ejected appliance’s management interface. No default.

Example

This example ejects the standby appliance whose serial number is FV-1KC3R11111111, assigning its port1 to be the web UI interface, reachable at 192.0.2.123.

execute ha disconnect FV-1KC3R11111111 port1 192.0.2.123/24 192::2:123/64


After the command completes, to reconfigure the ejected appliance, you could then use either a web browser or SSH client to connect to 192.0.2.123 in order to reconfigure it for standalone operation.

Related topics