Wednesday, April 16, 2014

Unable to set HA mode on FortiGate

I recently had to configure a FortiGate Active – Passive HA cluster.  I did the configuration through the GUI, but no matter what I did it always reverted back to Standalone mode.

I then dropped into jedi (aka the CLI) mode and tried to configure the cluster from there, like so:

-------------------------------------------------------------------------------------------------------------------------------

FORTIGATE # config system ha
FORTIGATE (ha) # set mode

standalone    Standalone mode.

The system may run in HA A-A or HA A-P mode only when all interfaces are NOT using DHCP/PPPoE as an addressing mode.

-------------------------------------------------------------------------------------------------------------------------------

And there is our problem – no interfaces are allowed to be set to DHCP if you want to enable HA.  I corrected this and then proceeded to configure HA.

FORTIGATE (ha) # set mode a-p
FORTIGATE (ha) #

I tested and was also able to set this via the GUI now.  First prize would of course be if FortiNet properly handles the error in the GUI, but nice to know that the proper error message is given the CLI.