ssriswadpong
Staff
Article Id 197041
Purpose

This article describes how to troubleshoot high availability (HA) for FortiGate-VM on Azure and how to see when the public IP address is moved from the master to the slave unit.


Expectations, Requirements
High availability for FortiGate on Azure
Troubleshooting

Before starting an HA failover, verify that the HA status is in sync by running:

# get system ha status

If the HA status is not in sync, see the article on troubleshooting HA synchronization issues: https://kb.fortinet.com/kb/documentLink.do?externalID=FD45183

Run the debug commands below before proceeding with the HA failover.

# diagnose debug disable

# diagnose debug reset

# diagnose debug console timestamp enable

# diagnose debug application sdncd -1

# diagnose debug application azd -1

# diagnose debug enable

Then proceed with the failover. The debug output shows the details of the failover progress, or an error.

This is a sample of the output when the HA failover completes successfully.

2020-12-12 13:00:49 removing pubip  <----- Removing public IP address from master unit.

2020-12-12 13:00:50 query nic FortiGate-A-nic1

2020-12-12 13:00:51 query nic FortiGate-A-nic1, rc: 0

2020-12-12 13:00:51 remove public ip FGTAPClusterPublicIP in ipconfig ipconfig1 of nic FortiGate-A-nic1

2020-12-12 13:00:51 updating nic: FortiGate-A-nic1

2020-12-12 13:00:53 updating nic: FortiGate-A-nic1, rc: 0

2020-12-12 13:00:54 operation: "updating nic: FortiGate-A-nic1", status: InProgress

2020-12-12 13:01:04 operation: "updating nic: FortiGate-A-nic1", status: InProgress

2020-12-12 13:01:14 operation: "updating nic: FortiGate-A-nic1", status: InProgress

2020-12-12 13:01:24 operation: "updating nic: FortiGate-A-nic1", status: InProgress

2020-12-12 13:01:34 operation: "updating nic: FortiGate-A-nic1", status: Succeeded <----- Updating IP address on master unit is done.

2020-12-12 13:01:36 adding pubip <----- Moving public IP address to the new master unit.

2020-12-12 13:01:36 query nic FortiGate-B-nic1

2020-12-12 13:01:36 query nic FortiGate-B-nic1, rc: 0

2020-12-12 13:01:36 add public ip FGTAPClusterPublicIP in ipconfig ipconfig1 of nic FortiGate-B-nic1

2020-12-12 13:01:37 updating nic: FortiGate-B-nic1

2020-12-12 13:01:37 updating nic: FortiGate-B-nic1, rc: 0

2020-12-12 13:01:39 operation: "updating nic: FortiGate-B-nic1", status: InProgress

2020-12-12 13:01:49 operation: "updating nic: FortiGate-B-nic1", status: InProgress

2020-12-12 13:02:00 operation: "updating nic: FortiGate-B-nic1", status: InProgress

2020-12-12 13:02:10 operation: "updating nic: FortiGate-B-nic1", status: InProgress

2020-12-12 13:02:19 operation: "updating nic: FortiGate-B-nic1", status: Succeeded <----- Updating IP address on the new master unit is done.

2020-12-12 13:02:20 query route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

2020-12-12 13:02:20 route table query, rc: 0

2020-12-12 13:02:20 matching route:toDefault:toDefault

2020-12-12 13:02:20 set route toDefault nexthop 10.44.99.254

2020-12-12 13:02:21 updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

2020-12-12 13:02:21 updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, rc: 0

2020-12-12 13:02:21 operation: "updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", status: Succeeded <----- Updating route table in the Azure resource group is done.

To stop the debug:

# diagnose debug disable


# diagnose debug reset
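A saved capture of this debug output can be checked offline. The following Python script is an added example, not part of the original article or a Fortinet tool: it reads the timestamped lines, reports how long each Azure operation took and flags any operation whose last status is not Succeeded. The function name summarize is hypothetical, and treating a non-zero rc as an error is an assumption, since the article only shows rc: 0.

```python
import re
from datetime import datetime

# Abridged from the sample output in this article (annotations removed).
SAMPLE = """\
2020-12-12 13:00:49 removing pubip
2020-12-12 13:00:53 updating nic: FortiGate-A-nic1, rc: 0
2020-12-12 13:00:54 operation: "updating nic: FortiGate-A-nic1", status: InProgress
2020-12-12 13:01:34 operation: "updating nic: FortiGate-A-nic1", status: Succeeded
2020-12-12 13:01:36 adding pubip
2020-12-12 13:01:37 updating nic: FortiGate-B-nic1, rc: 0
2020-12-12 13:01:39 operation: "updating nic: FortiGate-B-nic1", status: InProgress
2020-12-12 13:02:19 operation: "updating nic: FortiGate-B-nic1", status: Succeeded
2020-12-12 13:02:21 operation: "updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", status: Succeeded
"""

LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$')
OPER = re.compile(r'^operation: "(.+)", status: (\w+)')
RC = re.compile(r'^(.+), rc: (-?\d+)$')

def summarize(log):
    """Return (operations, problems, total_seconds) for one failover capture."""
    ops, problems, stamps = {}, [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, CLI prompts, unrelated debug output
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2).split("<-----")[0].strip()  # drop article annotations
        stamps.append(ts)
        if (o := OPER.match(msg)):
            name, status = o.groups()
            first = ops.get(name, {"first": ts})["first"]
            ops[name] = {"first": first, "last": ts, "status": status}
        # Assumption: a non-zero rc marks a failed step (the article only shows rc: 0).
        elif (r := RC.match(msg)) and r.group(2) != "0":
            problems.append(f"{r.group(1)}: rc {r.group(2)}")
    for name, op in ops.items():
        if op["status"] != "Succeeded":
            problems.append(f"{name}: last status {op['status']}")
    total = (stamps[-1] - stamps[0]).total_seconds() if stamps else 0.0
    return ops, problems, total

if __name__ == "__main__":
    ops, problems, total = summarize(SAMPLE)
    for name, op in ops.items():
        secs = (op["last"] - op["first"]).total_seconds()
        print(f"{op['status']:<10} {secs:>4.0f}s  {name[:40]}")
    print(f"total {total:.0f}s, problems: {problems or 'none'}")
```

An operation that is still InProgress at the end of the capture is reported as a problem, which is what a stalled public IP move looks like in this output.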

