FortiMail HA: Primary Heartbeat Failure

If the primary unit looses connection and you have not configured a secondary heartbeat link, the FortiMail units in the HA group cannot verify the operation of the other unit, so both assume the other has failed. The secondary unit begins operating as a primary unit, which results in two units operating as primary units.

Two primary units connected to the same network may cause address conflicts on your network because matching interfaces will have the same IP addresses. Additionally, because the heartbeat link is interrupted, the FortiMail units in the HA group cannot synchronize configuration changes or mail data changes. Even after reconnecting the heartbeat link, both units will continue operating as primary units.

To return the HA group to normal operation, you must connect to the web-based manager of the secondary unit to restore its effective HA operating mode to slave.

Primary Heartbeat Link Failure

To recover from a heartbeat link failure:

Reconnect the primary heartbeat interface by reconnecting the heartbeat link Ethernet cable.

Connect to the web-based manager of the primary unit by navigating to System > High Availability > Status.

Check for synchronization messages. Do not proceed to the next step until the primary unit has synchronized with the secondary unit.

Connect to the web-based manager of the secondary unit by navigating to System > High Availability > Status and selecting “click HERE to restore configured operating mode”.

The HA group should return to its normal operations.

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.