Replace FotiGate unit when in HA mode

Replace FotiGate unit when in HA mode

^{Created: 2021-01-28 01:54:35 | Last modified: 2021-02-01 09:30:58}
^{Access: Read}^{| Views: 38}^{| Rating: N/A}^{| Tags: fortigate}
Instructions of how to replace an HA unit when it fails.

When a FortiGate unit fails, you need to find a way to add a new one back into the cluster. In our example, we copied the config from an old cluster to a new, but now need to add the second device into the new cluster.

To do this, both of the units need to be the same model, and need to have the same version of firmware on both of the devices.

The new unit needs to be added as a secondary unit to avoid any configuration corruption or loss on the active firewall.

Process

1) Connect to each device with a serial rollover cable and putty, use the following settings

Baud Rate (bps): 9600
Data bits: 8
Parity: None
Stop bits:1
Flow Control: None

2) On the unit currently running, get the settings from the CLI using the following command

config system ha
show

3) On the new unit, all cables must be unplugged, copy the configuration you just pulled from the running device into the new device, in my example it is this.

config system ha
    set group-name "fw1"
    set mode a-p
    set password ENC fsvh+Hf1Qmz8ae7/9TjHbYRiMw3SEGGSEGSGESHSEshgSEHHEShgweageshgsseytay43weayZh2Hg6g==
    set hbdev "ha1" 50 "ha2" 50
    set hb-interval 5
    set session-pickup enable
    set override disable
    set priority 129
end

4) Once you have done the above, shut down the new device, plug in required cables (Including HA ports) and power up. Monitor the new device with the serial.