Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

If the primary unit fails

If the primary or master unit becomes unavailable, another unit in the cluster is selected as the primary unit using the following rules:

  • All cluster units are assigned a priority from 80 – 120. The default priority is 100. If the primary unit becomes unavailable, an available unit with the highest priority is selected as the new primary unit. For example, a unit with a priority of 110 is selected over a unit with a priority of 100.
  • If multiple units have the same priority, the unit whose primary IP address has the greatest value is selected as the new primary unit. For example, 123.45.67.123 is selected over 123.45.67.124.
  • If a new unit with a higher priority or a greater value IP address joins the cluster, the new unit does not replace (or preempt) the current primary unit.

If the FortiAnalyzer being replaced is the primary, after replacing it, use execute fgfm reclaim-dev-tunnel to force FortiGates to connect to the new FortiAnalyzer.

If the primary unit fails

If the primary or master unit becomes unavailable, another unit in the cluster is selected as the primary unit using the following rules:

  • All cluster units are assigned a priority from 80 – 120. The default priority is 100. If the primary unit becomes unavailable, an available unit with the highest priority is selected as the new primary unit. For example, a unit with a priority of 110 is selected over a unit with a priority of 100.
  • If multiple units have the same priority, the unit whose primary IP address has the greatest value is selected as the new primary unit. For example, 123.45.67.123 is selected over 123.45.67.124.
  • If a new unit with a higher priority or a greater value IP address joins the cluster, the new unit does not replace (or preempt) the current primary unit.

If the FortiAnalyzer being replaced is the primary, after replacing it, use execute fgfm reclaim-dev-tunnel to force FortiGates to connect to the new FortiAnalyzer.