Use this command to manually force a FortiWeb appliance to leave the HA group, without unplugging any cables. This can be useful, for example, if you need to remove a standby appliance from the HA cluster in order to configure it for standalone operation, and want to do so without disrupting traffic, and without unplugging cables.
Behavior varies by which appliance you eject:
- Active—Failover occurs. The standby remains as a member of the HA group, and will elect itself as the new active appliance, assuming all of the HA cluster’s configured IP addresses and traffic processing duties.
- Standby—No failover occurs. The active appliance remains actively processing traffic.
To ensure that you can re-connect to the ejected appliance’s GUI or CLI via a remote network connection (not only via its local console), this command requires that you specify an IP address and port name that will become its new management interface. By default, it will be accessible via HTTP, HTTPS, SSH, and telnet.
All other network interfaces on the ejected appliance will be brought down and reset to 0.0.0.0/0.0.0.0. To configure them, you must connect to the ejected appliance’s GUI or CLI.
To use this command, your administrator account’s access control profile must have either
rw permission to the
sysgrp area. For details, see Permissions.
execute ha disconnect <serial-number_str> <interface_name> <interface_ipv4mask/ipv6mask>
Enter the serial number of the FortiWeb appliance that you want to disconnect from the cluster.
To display the serial number of each appliance in the HA group, enter:
|Enter the name of the network interface, such as
|Enter the IP address and netmask that will be configured as the ejected appliance’s management interface.||No default.|
This example ejects the standby appliance whose serial number is FV-1KC3R11111111, assigning its port1 to be the web UI interface, reachable at
execute ha disconnect FV-1KC3R11111111 port1 192.0.2.123/24 192::2:123/64
After the command completes, to reconfigure the ejected appliance, you could then use either a web browser or SSH client to connect to
192.0.2.123 in order to reconfigure it for standalone operation.