Technical Tip: HA sync does not work with FortiGate 3400E/3401E
Description
This article describes why HA between two FortiGates-3400E/3401E does not work.
Scope
For version 6.2.3.
Solution
When using FortiOS 6.2.3 and configuring Heartbeat interfaces as HA1 and HA2 on FortiGate-3400E/3401E, the HA sync may not work, and units might not be able to form HA.
## HA config ##
This is known issues 588908 for FortiGate-3400E/3401E when using FortiOS version 6.2.3. HA interfaces when used as hbdev causes this issue.
This could be found listed in release notes of FortiOS 6.2.3 as a known issue.
https://docs.fortinet.com/document/fortigate/6.2.3/fortios-release-notes/236526/known-issues
In order to fix this issue, two solutions can be used:
1) Avoid using the HA1 and HA2 interface as hbdev in the HA config.
2) The issue has been resolved in FortiOS 6.2.4 and upgrade to this version will solve the issue.
https://docs.fortinet.com/document/fortigate/6.2.4/fortios-release-notes/289806/resolved-issues
This article describes why HA between two FortiGates-3400E/3401E does not work.
Scope
For version 6.2.3.
Solution
When using FortiOS 6.2.3 and configuring Heartbeat interfaces as HA1 and HA2 on FortiGate-3400E/3401E, the HA sync may not work, and units might not be able to form HA.
## HA config ##
# config system haEnable HA debugs to check this further.
set group-id 21
set group-name "group-1"
set mode a-p
set password ENC xx
set hbdev "ha1" 10 "ha2" 0
set encryption enable
set authentication enable
set session-pickup enable
set session-pickup-connectionless enable
set ha-mgmt-status enable
# config ha-mgmt-interfaces
edit 1
set interface "mgmt1"
set gateway 172.10.10.12
next
end
set override disable
set priority 250
set ha-direct enable
end
# diag debug resetIn the debugs, the following errors would be seen:
# diag debug application hasync -1
# diag debug application hatalk -1
# diag debug enable
<hasync:WARN> conn=0x1c14fd20 dst=169.254.0.1 sync_type=3(fib) expired/now/timeo=1143336/1143337/5 flag =0x0 buf_cnt=1 retries=0 state=1 cur_w_pos=0 cur_r_pos=0Solution.
<hasync:WARN> conn=0x1c14fd20 abort: rt=-2, dst=169.254.0.1, sync_type=3(fib)
<hasync:WARN> Error = Network is unreachable
<hasync:WARN> [toconnect_timer_func:651] conn=0x1c14fd20 to-connect timeout, dst=169.254.0.1
<hasync:WARN> [toconnect_timer_func:651] conn=0x1c14d5e0 to-connect timeout, dst=169.254.0.1
<hasync:WARN> [ha_udp_write_all] sendto(169.254.0.63) faild: 101(Network is unreachable). sync_type=21, buffer_len=29
This is known issues 588908 for FortiGate-3400E/3401E when using FortiOS version 6.2.3. HA interfaces when used as hbdev causes this issue.
This could be found listed in release notes of FortiOS 6.2.3 as a known issue.
https://docs.fortinet.com/document/fortigate/6.2.3/fortios-release-notes/236526/known-issues
In order to fix this issue, two solutions can be used:
1) Avoid using the HA1 and HA2 interface as hbdev in the HA config.
2) The issue has been resolved in FortiOS 6.2.4 and upgrade to this version will solve the issue.
https://docs.fortinet.com/document/fortigate/6.2.4/fortios-release-notes/289806/resolved-issues