This article describes how to troubleshooting high availability FortiGate-VM for Azure and how to see when public IP address is moved from master to slave.
Before starting HA failover, it would be good to verify HA status is in-sync by
# get system ha status
If HA status is not in-sync, you can check how to troubleshoot HA synchronization issue https://kb.fortinet.com/kb/documentLink.do?externalID=FD45183
You can run below debug commands before proceed HA failover.
# diagnose debug disable
# diagnose debug reset
# diagnose debug console timestamp enable
# diagnose debug application sdncd -1
# diagnose debug application azd -1
# diagnose debug enable
Then proceed failover. You will see detail on failover progresses or an error.
This is a sample of output if HA failover is completed.
To stop the debug:2020-12-12 13:00:49 removing pubip <----- Removing public IP address from master unit.
2020-12-12 13:00:50 query nic FortiGate-A-nic1
2020-12-12 13:00:51 query nic FortiGate-A-nic1, rc: 0
2020-12-12 13:00:51 remove public ip FGTAPClusterPublicIP in ipconfig ipconfig1 of nic FortiGate-A-nic1
2020-12-12 13:00:51 updating nic: FortiGate-A-nic1
2020-12-12 13:00:53 updating nic: FortiGate-A-nic1, rc: 0
2020-12-12 13:00:54 operation: "updating nic: FortiGate-A-nic1", status: InProgress
2020-12-12 13:01:04 operation: "updating nic: FortiGate-A-nic1", status: InProgress
2020-12-12 13:01:14 operation: "updating nic: FortiGate-A-nic1", status: InProgress
2020-12-12 13:01:24 operation: "updating nic: FortiGate-A-nic1", status: InProgress
2020-12-12 13:01:34 operation: "updating nic: FortiGate-A-nic1", status: Succeeded <----- Updating IP address on master unit is done.
2020-12-12 13:01:36 adding pubip <----- Moving public IP address to the new master unit.
2020-12-12 13:01:36 query nic FortiGate-B-nic1
2020-12-12 13:01:36 query nic FortiGate-B-nic1, rc: 0
2020-12-12 13:01:36 add public ip FGTAPClusterPublicIP in ipconfig ipconfig1 of nic FortiGate-B-nic1
2020-12-12 13:01:37 updating nic: FortiGate-B-nic1
2020-12-12 13:01:37 updating nic: FortiGate-B-nic1, rc: 0
2020-12-12 13:01:39 operation: "updating nic: FortiGate-B-nic1", status: InProgress
2020-12-12 13:01:49 operation: "updating nic: FortiGate-B-nic1", status: InProgress
2020-12-12 13:02:00 operation: "updating nic: FortiGate-B-nic1", status: InProgress
2020-12-12 13:02:10 operation: "updating nic: FortiGate-B-nic1", status: InProgress
2020-12-12 13:02:19 operation: "updating nic: FortiGate-B-nic1", status: Succeeded <----- Updating IP address on the new master unit is done.
2020-12-12 13:02:20 query route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-12-12 13:02:20 route table query, rc: 0
2020-12-12 13:02:20 matching route:toDefault:toDefault
2020-12-12 13:02:20 set route toDefault nexthop 10.44.99.254
2020-12-12 13:02:21 updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-12-12 13:02:21 updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, rc: 0
2020-12-12 13:02:21 operation: "updating route table DefaultRouteTable in resource group ResourceGroupName of subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", status: Succeeded <----- Updating route table in the Azure resource group is done.
# diagnose debug disable
# diagnose debug reset
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.