beautypg.com

Monitoring cluster units for failover, Viewing cluster communication sessions – Fortinet FortiGate 4000 User Manual

Page 91

background image

High availability

Managing an HA cluster

FortiGate-4000 Installation and Configuration Guide

91

3

Select the serial number of one of the units in the cluster to display the logs for this
cluster unit.
You can view logs saved to memory or logs saved to the hard disk, depending on the
configuration of the cluster unit.

4

For each cluster unit:
• If the cluster unit logs to memory you can view, search, and manage log

messages. For more information, see

“Viewing logs saved to memory” on

page 314

.

Monitoring cluster units for failover

If the primary unit in the cluster fails, the units in the cluster renegotiate to select a new
primary unit. Failure of the primary unit results in the following:

• If SNMP is enabled, the new primary FortiGate unit sends the trap message “HA

switch”. This trap indicates that the primary unit in an HA cluster has failed and has
been replaced with a new primary unit.

• The cluster contains fewer FortiGate units. The failed primary unit no longer

appears on the Cluster Members list.

• The host name and serial number of the primary cluster unit changes.
• The new primary unit logs the following messages to the event log:

HA slave became master
Detected HA member dead

If a subordinate unit fails, the cluster continues to function normally. Failure of a
subordinate unit results in the following:

• The cluster contains fewer FortiGate units. The failed unit no longer appears on the

Cluster Members list.

• The master unit logs the following message to the event log:

Detected HA member dead

Viewing cluster communication sessions

1

Connect to the cluster and log into the web-based manager.

2

Go to System > Status > Session.
The session table displays the sessions processed by the primary unit in the cluster,
including HA communication sessions between the primary unit and the subordinate
units. HA communications use:
• Port 702 as the destination port,
• From and To IP address on the 10.0.0.0 subnet.

During cluster negotiation, the HA interface of each cluster unit is assigned an IP
address. The IP address of the primary unit is 10.0.0.1. The IP address of the first
subordinate unit is 10.0.0.2. The IP address of the second subordinate unit is
10.0.0.3 and so on.