Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pkungatti_FTNT
Staff
Staff

Created on ‎09-18-2019 05:09 AM

Article Id 197289

Technical Tip: Verifying HA health before cluster upgrade

Description
This article describes how to verify Cluster health before upgrades.

Solution
Before upgrading the cluster, ensure that HA is healthy/OK and configs are in sync.

The below commands can be run to verify the health and ensure the configs are matching across all the cluster members.
#get sys ha status
#diagnose sys ha checksum cluster
Example:
# get sys ha status
Master selected using:
HA Health Status: OK
Model: FortiGate-600D
Mode: HA A-A
Group: 0
Debug: 0
Cluster Uptime: 179 days 22:24:43
Cluster state change time: 2019-05-18 04:47:09
<2019/05/18 04:47:09> FGT6HDxxxxxxxxxx is selected as the master because it has the largest value of uptime.
ses_pickup: enable, ses_pickup_delay=disable
load_balance: disable
load_balance_udp: disable
schedule: Round robin.
upgrade_mode: unset
override: disable
Configuration Status:
FGT6HDxxxxxxxxxx(updated 3 seconds ago): in-sync   <<<<<<<<<<<<------------------
FGT6HDyyyyyyyyyy(updated 1 seconds ago): in-sync  <<<<<<<<<<<<------------------
System Usage stats:
FGT6HDxxxxxxxxxx(updated 3 seconds ago):
sessions=14572, average-cpu-user/nice/system/idle=2%/0%/1%/96%, memory=77%
FGT6HDyyyyyyyyyy(updated 1 seconds ago):
sessions=3825, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=51%
HBDEV stats:
FGT6HDxxxxxxxxxx(updated 3 seconds ago):
port15: physical/1000full, up, rx-bytes/packets/dropped/errors=44286098988/136051979/0/0, tx=266249877281/274396344/0/0
port16: physical/1000full, up, rx-bytes/packets/dropped/errors=20247283417/52864903/0/0, tx=20723154835/52865254/0/0
FGT6HDyyyyyyyy(updated 1 seconds ago):
port15: physical/1000full, up, rx-bytes/packets/dropped/errors=266247307494/274389942/0/0, tx=44280135002/136043322/0/0
port16: physical/1000full, up, rx-bytes/packets/dropped/errors=20722128293/52862573/0/0, tx=20246274305/52862335/0/0
MONDEV stats:
FGT6HDxxxxxxxxxx(updated 3 seconds ago):
port9: physical/1000full, up, rx-bytes/packets/dropped/errors=154706906550/161953967/0/0, tx=128455750103/149240180/0/0
port10: physical/1000full, up, rx-bytes/packets/dropped/errors=566552879/6943770/0/264, tx=350528/5477/0/0
port14: physical/1000full, up, rx-bytes/packets/dropped/errors=361891164832/708316144/0/0, tx=1033587261436/1011139604/0/0
port17: physical/10000full, up, rx-bytes/packets/dropped/errors=2318434688942/9946120011/0/6, tx=9507301186447/9587055738/0/0
FGT6HDyyyyyyyy(updated 1 seconds ago):
port9: physical/1000full, up, rx-bytes/packets/dropped/errors=987576998/12154784/0/0, tx=0/0/0/0
port10: physical/1000full, up, rx-bytes/packets/dropped/errors=732328255/9561376/0/264, tx=0/0/0/0
port14: physical/1000full, up, rx-bytes/packets/dropped/errors=519449014/5814985/0/0, tx=0/0/0/0
port17: physical/10000full, up, rx-bytes/packets/dropped/errors=1597214334/22293982/0/728, tx=0/0/0/0
Master: CORE_FW1 , FGT6HDxxxxxxxx, cluster index = 1
Slave : CORE_FW2 , FGT6HDyyyyyyyy, cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Master: FGT6HDxxxxxxxxxx, operating cluster index = 0
Slave : FGT6HDyyyyyyyyy, operating cluster index = 1

952
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.