Failover Traffic From Master Fortigate Firewall to Standby (Slave):

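To fail over traffic from the primary Fortigate firewall to the standby, lower the primary's HA priority below the standby's. Because override is enabled in this configuration, the unit with the higher priority takes the master role. The steps are shown below with an example.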

Primary Firewall configuration:

Fortigate-Primary (global) # show system ha
config system ha
set group-id 1
set mode a-p
set hbdev "port1" 50 "port2" 50
set session-pickup enable
set override enable
set priority 200
set monitor "port3" "port4"
end

Secondary Firewall configuration:

Fortigate-Secondary (global) # show system ha
config system ha
set group-id 1
set mode a-p
set hbdev "port1" 50 "port2" 50
set session-pickup enable
set priority 125
set override enable
set monitor "port3" "port4"
end

Verify cluster status:

Fortigate-Primary (global) # get system ha status
Model: 3810
Mode: a-p
Group: 1
Debug: 0
ses_pickup: enable
Master:200 CERTVIDEOS-FORTI-PRI FG3J1A6122622645 0
Slave   :125 CERTVIDEOS-FORTI-SEC FG3J1A6122611412 1
number of vcluster: 1
vcluster 1: work 198.1.1.1
Master:0 FG3J1A6122622645
Slave   :1 FG3J1A6122611412

Fail over the traffic from active to standby (master to slave):

Fortigate-Primary-~ (global) # config system ha
Fortigate-Primary-~ (ha) # set priority 124
Fortigate-Primary-~ (ha) # end

To do this from the GUI, navigate to Config > HA, click the edit icon and change the firewall priority.
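
A post-change check for the procedure above, as an added example that is not part of the original post: it parses `get system ha status` output saved before and after the priority change and confirms that the roles actually swapped. The `AFTER` sample is constructed rather than captured from a device, and the function names are hypothetical.

```python
import re

# Member lines look like "Master:200 <hostname> <serial> <index>".
# The shorter per-vcluster lines ("Master:0 <serial>") do not match and are skipped.
MEMBER_RE = re.compile(r"^(Master|Slave)\s*:\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+)$")

# Status lines taken from the page (before the priority change).
BEFORE = """\
Master:200 CERTVIDEOS-FORTI-PRI FG3J1A6122622645 0
Slave   :125 CERTVIDEOS-FORTI-SEC FG3J1A6122611412 1
vcluster 1: work 198.1.1.1
Master:0 FG3J1A6122622645
Slave   :1 FG3J1A6122611412
"""

# Constructed sample of what the status could look like after "set priority 124".
AFTER = """\
Master:125 CERTVIDEOS-FORTI-SEC FG3J1A6122611412 0
Slave   :124 CERTVIDEOS-FORTI-PRI FG3J1A6122622645 1
"""

def parse_ha_members(status_text):
    """Return {serial: {"role", "priority", "hostname"}} for each cluster member."""
    members = {}
    for line in status_text.splitlines():
        m = MEMBER_RE.match(line.strip())
        if m:
            role, prio, host, serial, _index = m.groups()
            members[serial] = {"role": role, "priority": int(prio), "hostname": host}
    return members

def check_failover(before_text, after_text):
    """Return a list of problems; an empty list means the roles swapped cleanly."""
    before, after = parse_ha_members(before_text), parse_ha_members(after_text)
    if set(before) != set(after):
        return ["cluster membership changed: a unit is missing or unexpected"]
    masters = [s for s, m in after.items() if m["role"] == "Master"]
    if len(masters) != 1:
        return ["expected exactly one Master, found %d" % len(masters)]
    new_master, problems = masters[0], []
    if before[new_master]["role"] == "Master":
        problems.append("%s is still Master" % after[new_master]["hostname"])
    # With override enabled (as configured on this page) the Master holds the top priority.
    if after[new_master]["priority"] != max(m["priority"] for m in after.values()):
        problems.append("Master does not hold the highest priority")
    return problems

if __name__ == "__main__":
    print(check_failover(BEFORE, AFTER) or "failover OK")
```
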
