sjoshi
Staff
March 5, 2026

Troubleshooting Tip: FortiGate 6k HA fails to form due to VDOM license mismatch

Description

 

This article describes a scenario where a FortiGate 6000 Series HA cluster fails to form due to a VDOM license mismatch between peer units.

 

Scope

 

FortiGate.

 

Solution

 

Environment:

  • Platform: Fortinet FortiGate 6000F
  • Deployment Mode: HA (Active-Passive or Active-Active)
  • Feature: Multi-VDOM

 

HA config:

 

FortiGate-6000F (global) # show sys ha
    config system ha
        set group-id 1
        set group-name "FTNT-Lab"
        set mode a-p
        set password ENC 1DIhUpBUmPbZkJ4NNmoO7yF2F+4u1bm0xV2RU4AsmTBe3o0cKj5cdhml4buraO6Wbm8cy+dRpd+gf1WrQGkIiLDkBvrveT40BXr4G4WPJ7JmMY8D3Pyf+2wFFxL0Fl1LwDggQdzlJZLf79DbiiGjGQnqG/FyO+jJIwBa+J8AmzicTLIaV3ti3QrUqjQdKGfLg4FxvQ==
        set hbdev "ha1" 200 "ha2" 100
        set route-ttl 300
        set session-pickup enable
        set uninterruptible-upgrade enable
        set ha-uptime-diff-margin 120
        set override enable
        set priority 200
    end

 

To understand what is occurring during HA cluster formation, collect the HA talk debug output:

 

diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application hatalk -1
diagnose debug enable

 

To stop debugging:


diagnose debug disable
diagnose debug reset

 

FortiGate-6000F (global) # <hatalk> parse options for 'F6KF51xxxxxxxxx', packet_version=29
<hatalk> HA cannot be formed because the HA peer 'F6KF51xxxxxxxxx' has 78 vdoms. It exceeds the maximum number of vdoms allowed on this box, which only allows maximum 10 vdoms.
<hatalk> parse options for 'F6KF51xxxxxxxxx', packet_version=29
<hatalk> HA cannot be formed because the HA peer 'F6KF51xxxxxxxxx' has 78 vdoms. It exceeds the maximum number of vdoms allowed on this box, which only allows maximum 10 vdoms.
<hatalk> parse options for 'F6KF51xxxxxxxxx', packet_version=29
<hatalk> HA cannot be formed because the HA peer 'F6KF51xxxxxxxxx' has 78 vdoms. It exceeds the maximum number of vdoms allowed on this box, which only allows maximum 10 vdoms.
<hatalk> parse options for 'F6KF51xxxxxxxxx', packet_version=29
<hatalk> HA cannot be formed because the HA peer 'F6KF51xxxxxxxxx' has 78 vdoms. It exceeds the maximum number of vdoms allowed on this box, which only allows maximum 10 vdoms.
<hatalk> parse options for 'F6KF51xxxxxxxxx', packet_version=29

 

The HA cluster failed to form because of a VDOM license mismatch between the devices. The primary unit was configured with 78 VDOMs, while the secondary unit had only the default 10-VDOM license, as the additional VDOM license had not been applied. Since FortiGate validates license capacity during HA negotiation, this mismatch prevented the cluster from forming.

 

From the Secondary FortiGate:

 

FortiGate-6000F (global) # get sys status
Version: FortiGate-6501F v7.2.10,build9717,250911 (Non-GA)
Current virtual domain: mgmt-vdom
Max number of virtual domains: 10

 

To resolve the HA formation issue, ensure that both the primary and secondary FortiGate devices have matching VDOM licenses. Apply the additional VDOM license on the secondary unit so it can support the same number of VDOMs as the primary device. Once the VDOM counts match, reattempt HA formation, and the cluster should form successfully.
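
The script below is an added example, not part of the original article or of any Fortinet tooling. It parses saved hatalk debug output and 'get sys status' output to report the VDOM limit mismatch described above. The function names, the unit labels and the primary unit's limit of 100 are assumptions made for the sample.

```python
import re

# Message text as printed by the hatalk debug in this article.
REJECT_RE = re.compile(
    r"HA peer '(?P<peer>[^']+)' has (?P<peer_vdoms>\d+) vdoms\."
    r".*?allows maximum (?P<local_max>\d+) vdoms")
MAX_RE = re.compile(r"^\s*Max number of virtual domains:\s*(\d+)", re.M)

def vdom_rejections(debug_text):
    """Collapse repeated hatalk rejections into one record per peer."""
    counts = {}
    # finditer scans inside each line, so keystrokes typed while the debug
    # is streaming (echoed in front of "<hatalk>") do not hide a message.
    for m in REJECT_RE.finditer(debug_text):
        key = (m["peer"], int(m["peer_vdoms"]), int(m["local_max"]))
        counts[key] = counts.get(key, 0) + 1
    return [{"peer": p, "peer_vdoms": v, "local_max": mx, "seen": n}
            for (p, v, mx), n in counts.items()]

def max_vdoms(status_text):
    """Read the licensed VDOM limit from 'get sys status' output."""
    m = MAX_RE.search(status_text)
    if m is None:
        raise ValueError("no 'Max number of virtual domains' line found")
    return int(m.group(1))

def limits_match(status_by_unit):
    """Return (per-unit limits, True if every unit has the same limit)."""
    limits = {unit: max_vdoms(t) for unit, t in status_by_unit.items()}
    return limits, len(set(limits.values())) == 1

# Constructed sample input: the message is copied from the debug output in
# this article; the "di" prefix on the second line is constructed.
MSG = ("HA cannot be formed because the HA peer 'F6KF51xxxxxxxxx' has 78 "
       "vdoms. It exceeds the maximum number of vdoms allowed on this box, "
       "which only allows maximum 10 vdoms.")
SAMPLE_DEBUG = f"<hatalk> {MSG}\ndi<hatalk> {MSG}\n"
SAMPLE_STATUS = {
    "primary": "Max number of virtual domains: 100\n",  # constructed value
    "secondary": "Current virtual domain: mgmt-vdom\n"
                 "Max number of virtual domains: 10\n",
}

if __name__ == "__main__":
    print(vdom_rejections(SAMPLE_DEBUG))
    print(limits_match(SAMPLE_STATUS))
```

Running limits_match on the 'get sys status' output of both units before enabling HA catches the mismatch without waiting for hatalk to reject the peer.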