Troubleshooting Tip: Secondary member's status is missing after the initial Active-Passive HA configuration on FortiPAM

Description

This article describes the case where both members are defined individually as 'Primary' and there is no secondary members's status shown after setting up the initial Active-Passive HA. Even if the HA status is specified as 'Synchronized' on both members, the HA setup is not properly done.

Scope

FortiPAM.

Solution

The reason for this initial HA setup failure is the subnets of the HA interfaces. In this case, both primary and secondary define themselves as 'primary' if the HA interfaces on both sides are in different subnets. 

Note: HA members can be located in different Data Centers as well. In this case, the L2 connectivity is needed to be provided between them (through MPLS, BGP etc).

The HA synchronization will start after both HA interfaces added into the same subnet and their role will be negotiated accordingly.