Troubleshooting Tip: FortiGate D series firewall has serial number FGT0000000000001 after upgrade to v7.4.10, causing HA split-brain
| Description | This article describes an issue currently under investigation which can affect D series devices with older BIOS versions. |
| Scope | Devices with older BIOS versions upgrading to FortiOS v7.4.10 or later, FortiOS v7.6.5 or later. |
| Solution | Units are affected by this issue based on both firmware version and BIOS revision. If multiple units in an HA cluster are affected, this will trigger HA split-brain, a serious condition causing severe ongoing network disruption until the issue is mitigated. If reverting to the previous firmware version is not possible, split-brain can be mitigated by shutting down all affected units except one. See the article Technical Tip: High availability split brain.
If only one unit in an HA cluster is affected, the issue will not trigger split-brain, but may cause partial configuration loss and HA synchronization issues in the cluster.
Note: Different devices with the same model may have a different BIOS revision.
Symptoms:
An affected device has the serial number 'FGT0000000000001' showing in Status Dashboard and 'get system status' output:
get system status | grep Serial
When an affected device boots after firmware upgrade, the following logs are visible in console output:
FortiGate-3700D (13:25-03.11.2015)
If an HA cluster has an affected device present, HA history logs may show entries referencing an invalid serial number 'FGT0000000000001'.
diagnose sys ha history read <2026-02-01 01:00:21> vcluster-1: FGT0000000000001 is selected as the primary because it's the only member in the cluster.
Workaround:
Rollback each device to the previous unaffected firmware version by booting from the alternate partition following steps in the article Technical Tip: Selecting an alternate firmware for the next reboot.
If the previous firmware version has a known vulnerability motivating upgrade to FortiOS v7.4.11, and at least one cluster member is running an affected BIOS version, follow approved mitigation steps until such time as a fix is available.
Firewall with VDOM:
A FortiGate which has a VDOM configured will receive the following VDOM license error while upgrading the affected firmware versions:
WARNING: BIOS certificate has a different SN. Decode VDOM license key failed. <pid-397 /bin/cmdbsvr> Too many entries in all tables of 'system.interface': 256 / global-max=256 .............
Due to this repetitive 'Too many entries in all tables' warning, the firewall is unable to restart automatically.
To recover the device, follow these steps:
Resolution:
The issue is under investigation, tracked by issue ID# 1252663. A fix is tentatively scheduled for FortiOS v7.4.12, v7.6.7, v8.0.0.
Note: Fortinet has fixed the issue and released the revised images for 7.4.11 and 7.6.6 on the Fortinet Support site: Welcome to Fortinet Support.
Recommendation:
Before upgrading to an affected firmware version, it is recommended to verify the current BIOS version of each device in the cluster using the 'get system status' command on each cluster member.
Devices with BIOS versions earlier than 05000002 are affected by this issue, including all 0400000XX versions. A previous version of this article mentioned BIOS versions 05000004 and later are not affected, but it has since been confirmed that BIOS versions 05000003 and later are not affected by this issue. A BIOS version of exactly 05000002 may or may not be affected by this issue, depending on the device.
Affected device:
get system status FortiGate-3700D v7.4.10,build2867,260116 (GA.M) ...
Not currently affected, but will be affected after upgrade:
get system status | grep BIOS
Not affected and will not be affected after upgrade:
get system status | grep BIOS
Inconclusive:
get system status | grep BIOS |