Exam NSE4_FGT-7.0 topic 1 question 14 discussion

Correct are AD, because HA age of fortinet SNxxx64682 is only 198seconds, HA by age need more than 300 seconds as estated in the reference "If HA age difference is less than 5 minutes (300 seconds), the device priority and FortiGate serial number selects the cluster unit to become the primary unit."

Acá la respuesta es A y D, porque la anulación de HA está habilitada y el proceso que se cumple es: puertos monitoreados --> Prioridad --> Tiempo de actividad de HA --> números seriales. La prioridad se considera antes que el tiempo de actividad de HA. Y para este caso el Tiempo de actividad de HA no es mayor a 300 segundos, por lo que se descarta

Correct: A. FortiGate SN FGVM010000065036 HA uptime has been reset. (reset_cnt=1) D. FortiGate SN FGVM010000064692 has the higher HA priority. (by discard) Incorrect: B. FortiGate devices are not in sync because one device is down. (not in exhibit) C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime. (no greater than 300 sec) Note: In this exhibit the primary unit is FGVM...65036. Tested in lab, the primary unit is always the one with ha_prio/o=0/0. When there is a failover event the new unit assumes primary role and gets ha_prio/o=0/0

Base on this document, answer should be A and D. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restoring-HA-master-role-after-a-failover-using/ta-p/197460

correct answer is A & D

AD - If you want to make sure that the same cluster unit always operates as the primary unit and if you are less concerned about frequent cluster negotiation you can set its device priority higher than other cluster units and enable override.

Since the uptime is less than five minutes, the master unit will be elected by the priority and serial number, not the uptime.

Correct are AD.

AD correct answer

I think AC, override enable must be enabled on all cluster members via cli. The question says that override enable is only active on the primary. Study Guide page 320: The override settings and device priority values are not synchronized to all cluster members. You must enable an adjust device pritority manually and separately for each cluster member.

AD correct answer

Override must enable on both FW. But in this question enabled only on one FW. Correct are A and C

The key is that override is enabled. It is true that the uptime has been reset, but this doesn't make it priority when override is enabled. It is priority because it has the highest priority set. We can think of override as "we set the priority and it overrides all that other junk!"

- Negotiation and primary unit selection is triggered if a cluster unit fails or if a monitored interface fails. - If the HA age difference is more than 5 minutes (300 seconds), the cluster unit that is operating longer becomes the primary unit. - If HA age difference is less than 5 minutes (300 seconds), the device priority and FortiGate serial number selects the cluster unit to become the primary unit. - Every time a monitored interface fails the HA age of the cluster unit is reset to 0. - Every time a cluster unit restarts the HA age of the cluster unit is reset to 0. *A the uptime value is to 0 and reset count 1 for unit 65036 -> correct B the 2 device are present C 64692 unit HA uptime is 198 secondes more than unit 65036, so less tan 300 secondes,the uptime can't be the reson that this unit is the primary (prio/o=1/1) *D We have no indicator about prio configured value but the unit 64692 is the primary, it can only be this solution Agree ?

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/123439/primary-unit-selection-with-override-enabled

Study Guide – HA – Primary FG Election: Override Disabled. The override setting is enable for the FortiGate with SN FGVM010000064692. You must enable override and adjust device priority manually and separately for each cluster member. In this case, override disabled for the cluster. #diagnose sys ha dump-by vcluster FGVMxxxx92:…uptime/reset_cnt=198/0 FGVMxxxx36:…uptime/reset_cnt=0/1 (0 is for the device with lower HA uptime, 1 is the number of times HA uptime has been reset for this device) Selection process that stops at the first match: 1. The cluster first compares the number of monitored interfaces whose statuses are up. The FG with the most available monitored interfaces become the primary. 2. If the HA uptime of a device is at least FIVE MINUTES (300 seconds) more that the HA uptimes of the other FG devices, it becomes the primary. 3. The FG with the configured highest priority becomes the primary. 4. The cluster chooses the primary by comparing serial number.

This question seems wrong, ha_prio/o=0/0 means its a primary member. also, it never says anything about which has higher priority so we have to assume they both have the same priority. that leaves the uptime for a tie and the tiebreaker is serial. SN 65036 is higher that's why its the primary ha_prio/o=0/0