[Failover test] Shut down FortiGate A


This recipe is part of the process of deploying FortiGate HA for AWS. See below for the rest of the recipes in this process:

  1. Customize the CFT template
  2. Check the prerequisites
  3. Review the network failover diagram
  4. Invoke the CFT template
  5. Connect to the FortiGates
  6. [Connectivity test] Configure FortiGate firewall policy
  7. [Failover test] Shut down FortiGate A
  1. Let’s test the failover situation where FortiGate A fails to run. First, while the two FortiGate instances are running, log into FortiGate A by connecting to the front-end public IP address, which is, associated with 
  2. Let’s see if FortiGate B promotes itself to the primary when FortiGate A fails to run. On the EC2 console, shut down FortiGate A.
  3. Connect to the same public front-end IP address,, by refreshing the browser. You have now successfully logged into FortiGate B, not FortiGate A, since the secondary IP address has moved to FortiGate B’s public-facing port.
  4. Check FortiGate B’s secondary IP address in EC2 console.
  5. Check the HA status while FortiGate A is down.
  6. Once FortiGate A comes back online, it runs as the secondary. It takes time for the HA to settle and the synchronization to function, as indicated by the green checkmarks.

Latest posts by In Hye Lee (see all)

  • Was this helpful?
  • Yes   No