Override master, Password – Fortinet 100A User Manual

System config

HA configuration

FortiGate-100A Administration Guide

01-28007-0068-20041203

87

You can use the unit priority to control the order in which cluster units become the
primary cluster unit when a cluster unit fails. For example, if you have three
FortiGate-3600s in a cluster you can set the unit priorities as shown in

Table 4

. Cluster

unit A will always be the primary cluster unit because it has the highest priority. If
cluster unit A fails, cluster unit B becomes the primary cluster unit because cluster unit
B has a higher unit priority than cluster unit C.

The unit priority is not synchronized to all cluster units. Each cluster unit can have a
different unit priority.

In a functioning cluster, if you change the unit priority of the current primary cluster
unit to a lower priority, when the cluster renegotiates a different cluster unit becomes
the primary cluster unit.

Override Master

Configure a cluster unit to always override the current primary cluster unit and become
the primary cluster unit. Enable override master for the cluster unit that you have given
the highest unit priority. Enabling Override Master means that this cluster unit always
becomes the primary cluster unit.

In a typical FortiGate cluster configuration, the primary unit is selected automatically.
In some situations, you might want to control which unit becomes the primary unit.
You can configure a FortiGate unit as the permanent primary unit by setting a high
unit priority and by selecting override master. With this configuration, the same cluster
unit always becomes the primary cluster unit.

If override master is enabled and the primary cluster unit fails another cluster unit
becomes the primary unit. When the cluster unit with override master enabled rejoins
the cluster it overrides the current primary unit and becomes the new primary unit.
When this override occurs, all communication sessions through the cluster are lost
and must be re-established.

Override master is not synchronized to all cluster units.

In a functioning cluster, if you select override master for a cluster unit the cluster
negotiates and may select a new primary cluster unit.

Password

Enter a password for the HA cluster. The password must be the same for all FortiGate
units in the HA cluster. The maximum password length is 15 characters.

If you have more than one FortiGate HA cluster on the same network, each cluster
should have a different password.

Table 4: Example unit priorities for a cluster of three cluster units

Cluster unit

Unit priority

A

200

B

100

C

50