Technical Tip: HA fails after SNMP configuration on FortiGate 120G/121G
| Description | This article describes an HA failure observed on FortiGate 120G/121G devices after enabling SNMP queries. |
| Scope | FortiGate 120G/121G, SNMP, EMAC-VLAN, HA. |
| Solution | When SNMP queries are enabled on FortiGate 120G/121G devices, the HA cluster may become unsynchronized if SNMP queries target EMAC-VLAN interfaces on npu-vlink (for example, npu-0-1-222, npu-0-1-224, etc.).
The problem is triggered when querying the ifSpeed OID for EMAC-VLAN interfaces, such as:
snmpget -v2c -c <user> <host> ifSpeed.32 snmpget -v2c -c <user> <host> ifSpeed.45 snmpget -v2c -c <user> <host> ifSpeed.46 snmpget -v2c -c <user> <host> ifSpeed.47
After such queries, the FortiGate stops responding to SNMP, and the HA cluster fails. In this condition, both units can assume the master role simultaneously. Recovery requires a power reboot of both devices.
Note: Physical interfaces or VLAN interfaces do not exhibit this behavior. |