Refer to the exhibit showing FortiGate configurations.
FortiManager VM high availability (HA) is not functioning as expected after being added to an existing deployment.
The administrator finds that VRRP HA mode is selected, but primary and secondary roles are greyed out in the GUI. The managed devices never show online when FMG-B becomes primary, but they will show online whenever the FMG-A becomes primary.
What change will correct HA functionality in this scenario?
The managed devices should be configured to point to the virtual IP (VIP) of the FortiManager HA setup. In this case, changing the FortiManager IP address on the managed FortiGates to 10.3.106.65 (the VIP) will ensure that the devices are always able to connect to the active FortiManager, whether FMG-A or FMG-B is primary. Without this change, the devices might only try to connect to the specific IP of FMG-A or FMG-B, failing to recognize which one is currently the primary.
https://docs.fortinet.com/document/fortimanager/7.4.1/administration-guide/800686/configuring-ha-options
B is correct because the monitored IP must match on both FortiManager devices for HA to function properly. This is explained in the FortiManager Administration Guide under High Availability > Configuring HA options > Configuring HA options using the GUI.
https://docs.fortinet.com/document/fortimanager/7.4.1/administration-guide/203784/if-the-primary-or-a-backup-unit-fails
A. The managed devices go off-line (e.g. Fortigate) if they are not pointed to the VIP of the FortiManager. When FM-A comes back-online all is good - suggesting that the managed FG points to the real IP of FM-A, hence failover to FM-B = no visibility. Monitored IPs don't have to match. Primary Secondary roles grayed out when VRRP configured and will change in the CLI output based upon the primary/secondary. Priority is un-related.
A is the answer. https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-VRRP-HA-configuration-in-Azure-Public/ta-p/267503 https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-HA-setup-and-troubleshooting/ta-p/222998