How does the primary HA unit in a FortiGate cluster get chosen?

Walking through the election process for HA units


High Availability (HA) is a very relevant design consideration in firewalls. It helps to reduce the risk of the dreaded "single point of failure" (*cue ominous music). In order for HA to work though, all firewalls within an HA cluster need to agree on what their part will be. FortiGate HA architecture relies on two distinct roles: a Primary FortiGate unit, and one (or more) Secondary FortiGate units. Let's chat about how those roles get selected.

If all of the FortiGate units have the exact same make/model/OS/license/etc... how does the HA protocol determine which unit does what? One option would be for administrators to manually choose. That's a bit boring though and I'll skip over that 😉. FortiGates have a defined process that's built into the clustering protocol: a promotion workflow they describe as the Primary FortiGate "election process". Here are the high-level negotiation steps that determine primary vs. secondary units:

💡 Note: these negotiation steps are performed in this order.
  1. How many monitored interfaces have a status of up? This is the very first criterion that's checked. The firewall with the most monitored interfaces that are up becomes the primary. The thought process here is that a firewall with more critical network connections should be entitled to take a more significant part in HA function. If all of the FortiGates have the same quantity of monitored ports up, the logic moves on to the next decision criterion...
  2. Which firewall in the cluster has the longest HA uptime? If the firewalls have already been part of an HA cluster, they'll have some statistics logged concerning their longevity/history with that cluster. The firewall which has the highest HA uptime (by at least 5 minutes) theoretically has the most stability and is a good candidate for being a primary unit. If the difference between firewall units is less than 5 minutes, the logic moves on to the next decision criterion...
  3. Which firewall has a greater priority value? This is a numeric value between 0 and 255. The default is 128. The unit with the highest priority value is designated as the primary. Guess what happens if the priority value is the same? Yup, it goes on to the next criterion...
  4. Which firewall has the highest serial number? This one is the ultimate tie-breaker. Since every FortiGate firewall has a unique serial number, the cluster protocol will elect the unit with the highest serial as the Primary.
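To make the ordering concrete, here is a small simulation of the four-step election as described above. This is an added example written for this post, not FortiGate code or anything from Fortinet's documentation. The unit fields, the `HaUnit` and `elect_primary` names, the sample serials and the "5 minutes = 300 seconds" window are all constructed for the illustration. Two further assumptions: when no unit leads HA uptime by the full 5-minute window, every candidate carries forward to the priority comparison, and "highest serial number" is modelled as a plain string comparison.

```python
"""Simulate the FortiGate HA primary election order (constructed example)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

UPTIME_WINDOW_SECONDS = 5 * 60  # "longest HA uptime by at least 5 minutes"


@dataclass(frozen=True)
class HaUnit:
    serial: str              # unique per unit; the final tie-breaker
    monitored_up: int        # monitored interfaces currently "up"
    ha_uptime_seconds: int   # how long this unit has been in the cluster
    priority: int = 128      # FortiGate default; valid range 0-255

    def __post_init__(self) -> None:
        if not 0 <= self.priority <= 255:
            raise ValueError(f"{self.serial}: priority must be between 0 and 255")
        if self.monitored_up < 0 or self.ha_uptime_seconds < 0:
            raise ValueError(f"{self.serial}: counts cannot be negative")


def elect_primary(units: Iterable[HaUnit]) -> Tuple[HaUnit, str]:
    """Return (primary unit, deciding criterion), applying the steps in order."""
    candidates: List[HaUnit] = list(units)
    if not candidates:
        raise ValueError("cluster has no units")

    # 1. Most monitored interfaces up.
    best_up = max(u.monitored_up for u in candidates)
    candidates = [u for u in candidates if u.monitored_up == best_up]
    if len(candidates) == 1:
        return candidates[0], "monitored interfaces"

    # 2. Longest HA uptime, but only if the lead is at least 5 minutes.
    #    Assumption: otherwise all remaining candidates carry forward.
    leader = max(candidates, key=lambda u: u.ha_uptime_seconds)
    clear_lead = all(
        leader.ha_uptime_seconds - u.ha_uptime_seconds >= UPTIME_WINDOW_SECONDS
        for u in candidates if u is not leader
    )
    if clear_lead:
        return leader, "ha uptime"

    # 3. Highest priority value.
    best_priority = max(u.priority for u in candidates)
    candidates = [u for u in candidates if u.priority == best_priority]
    if len(candidates) == 1:
        return candidates[0], "priority"

    # 4. Highest serial number (assumption: plain string comparison).
    serials = [u.serial for u in candidates]
    if len(set(serials)) != len(serials):
        raise ValueError("serial numbers must be unique")
    return max(candidates, key=lambda u: u.serial), "serial number"


def demo() -> Tuple[HaUnit, str]:
    """Constructed two-node cluster: same interfaces up, uptimes 200 s apart
    (inside the 5-minute window), so the priority value decides."""
    fgt_a = HaUnit("FGT-EXAMPLE-A", monitored_up=2, ha_uptime_seconds=7200)
    fgt_b = HaUnit("FGT-EXAMPLE-B", monitored_up=2, ha_uptime_seconds=7000,
                   priority=200)
    return elect_primary([fgt_a, fgt_b])


if __name__ == "__main__":
    unit, reason = demo()
    print(f"primary: {unit.serial} (decided by {reason})")
```

Running it picks `FGT-EXAMPLE-B` on priority, because the 200-second uptime lead of unit A is inside the 5-minute window. Widening that gap to 300 seconds or more flips the result to unit A on uptime regardless of B's higher priority, which is the behaviour to expect when a long-running primary is compared against a freshly rebooted peer.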

Pretty nifty, right? For more information, check out these resources:

HA primary unit selection criteria | Administration Guide