In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA to a working state?
A.
Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.
B.
The FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
C.
Reconfigure the primary device to remove the peer IP of the failed device.
D.
Reboot the failed device to remove its IP from the primary device.
Answer C is correct. Here directly from the admin guide
(https://docs.fortinet.com/document/fortimanager/7.0.5/administration-guide/203784/if-the-primary-or-a-backup-unit-fails):
"If the primary unit fails, the backup units stop receiving HA heartbeat packets from the primary unit. If one of the backup units fails, the primary unit stops receiving HA heartbeat packets from the backup unit. In either case, the cluster is considered down until it is reconfigured."
...
"Reconfigure the cluster by removing the failed unit from the cluster configuration. If the primary unit has failed, this means configuring one of the backup units to be the primary unit and adding peer IPs for all of the remaining backup units to the new primary unit configuration.
If a backup unit has failed, reconfigure the cluster by removing the peer IP of the failed backup unit from the primary unit configuration."
The correct action to return FortiManager HA manual mode to a working state after one of the secondary devices fails is:
Reconfigure the primary device to remove the peer IP of the failed device.
In HA manual mode, the administrator must manually manage the failover process. This includes removing the peer IP of the failed device from the primary FortiManager to restore the system to a healthy state. Once the failed device is removed from the configuration, the remaining devices can continue operating without issues related to the failed unit.
Rebooting is not necessary unless it’s part of the recovery or replacement process for the failed device.
A: FortiManager_7.0_Study_Guide-Online.pdf page 326: If the primary device fails, the administrator must do the following in order to return the FortiManager HA to a working state:
1. Manually reconfigure one of the secondary devices to become the primary device.
2. Reconfigure all other secondary devices to point to the new primary device.
You don’t need to reboot devices that you promote from secondary to primary.
This part of the answer is OK " Manually promote one of the working secondary devices to the primary role".
However, the official guide does not mention this: "and reboot the old primary device to remove the peer IP of the failed device".
The reason the option "Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device" is not correct is that, in manual mode, FortiManager HA does not automatically failover to secondary devices. The process is entirely controlled by the administrator, meaning that failover does not happen unless you manually intervene.
In manual mode, the administrator's responsibility is to remove the failed device's peer IP from the primary device. There is no need to promote a secondary device unless the primary itself has failed, which isn’t the case here.
Thus, the correct action is simply reconfiguring the primary device to remove the failed device’s IP without needing to promote or reboot other devices.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ruzjio
Highly Voted 2Â years agomanuelE2493
Highly Voted 2Â years agowhatz
2Â years agomyrmidon3
Most Recent 3Â months, 3Â weeks agoleoh_182
1Â year, 8Â months agomorningstar
2Â years, 1Â month agomyrmidon3
3Â months, 3Â weeks agoSlatz
2Â years, 1Â month agoKavinT
2Â years, 1Â month ago