MatheusSerrapede
New Member
October 28, 2025
Question

Firewall not working after HA failover


Hi everyone, I'm having a very unusual problem. I have a FortiGate cluster on IBM Cloud, version 7.6.2. Node 1 and Node 2. Node 1 had a RAM problem, rebooted, and failed over to Node 2, so far, no problems. I kept Node 2 active while we replaced the RAM. The problem is that, after replacing the RAM, whenever I try to fail over to return Node 1 to active, the network gets extremely intermittent, several pings are lost, many systems can't communicate, and BGP neighbors won't connect. Of course, I've checked everything I could think of, the HA configurations are correct, and the boxes are syncing without any issues. Has anyone else experienced a similar scenario?

2 replies

BillH_FTNT
Staff
October 28, 2025

Hi @MatheusSerrapede 

Could you share the logs related to BGP after the switch-over?

  • Routing table information after the switch-over
  • BGP configuration after the switch-over

I think by checking the BGP details, we might be able to identify something related to the issue.

Regards

Bill

MatheusSerrapede
New Member
October 28, 2025

Unfortunately, I didn't collect this information. Since it's a critical environment, I had to return quickly. I only had time to notice the nodes down. But not only in the outlying neighborhoods, packets where the firewall is the network gateway also didn't work.

VRF 0 BGP router identifier 10.14.17.106, local AS number 65103
BGP table version is 2
13 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.169.1 4 4201065570 19 24 2 0 0 00:15:55 16
169.254.169.9 4 4201065536 0 0 0 0 0 never Connect
169.254.169.17 4 4201065536 0 0 0 0 0 never Connect
169.254.169.25 4 4201065570 19 22 2 0 0 00:15:51 1
169.254.169.33 4 4201065536 0 0 0 0 0 never Connect
169.254.169.41 4 4201065570 19 20 1 0 0 00:15:50 1
169.254.169.49 4 4201065536 0 0 0 0 0 never Connect
169.254.169.57 4 4201065570 19 22 2 0 0 00:15:51 1
169.254.169.65 4 4201065570 0 0 0 0 0 never Connect
169.254.169.81 4 4201065570 18 22 2 0 0 00:15:50 1
169.254.169.97 4 4201065536 0 0 0 0 0 never Connect
169.254.169.105 4 4201065536 18 22 2 0 0 00:15:49 1
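
For comparing BGP state before and after a switch-over, a summary in the column layout posted above can be triaged with a short script. This is an added example, not part of the original posts and not Fortinet tooling; the function names are hypothetical and the sample rows are constructed with documentation addresses and private AS numbers.

```python
from collections import defaultdict

# Constructed sample in the same column layout as the summary in the post
# (addresses and AS numbers are placeholders, not the poster's values).
SAMPLE = """\
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.0.2.1 4 64512 19 24 2 0 0 00:15:55 16
192.0.2.9 4 64513 0 0 0 0 0 never Connect
192.0.2.17 4 64513 0 0 0 0 0 never Active
192.0.2.25 4 64512 19 22 2 0 0 00:15:51 1
192.0.2.33 4 64512 0 0 0 0 0 never Idle
"""

def parse_summary(text):
    """Return one dict per neighbor row; header and banner lines are skipped."""
    peers = []
    for line in text.splitlines():
        f = line.split()
        # Neighbor rows have >= 10 fields with numeric version and AS columns.
        if len(f) < 10 or not f[1].isdigit() or not f[2].isdigit():
            continue
        state = " ".join(f[9:])      # multi-word states stay intact
        up = state.isdigit()         # a prefix count means Established
        peers.append({"neighbor": f[0], "asn": int(f[2]), "updown": f[8],
                      "established": up,
                      "prefixes": int(state) if up else None,
                      "state": "Established" if up else state})
    return peers

def down_by_asn(peers):
    """Map remote AS -> neighbors whose session is not Established."""
    out = defaultdict(list)
    for p in peers:
        if not p["established"]:
            out[p["asn"]].append((p["neighbor"], p["state"]))
    return dict(out)

def regressions(before, after):
    """Neighbors Established in `before` but not in `after`."""
    was_up = {p["neighbor"] for p in before if p["established"]}
    return sorted(p["neighbor"] for p in after
                  if p["neighbor"] in was_up and not p["established"])

if __name__ == "__main__":
    for asn, rows in down_by_asn(parse_summary(SAMPLE)).items():
        print(asn, rows)
```

Saving one summary before the controlled failover and one after, then passing both to `regressions`, shows which sessions dropped with the switch-over rather than being down already.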

MatheusSerrapede
New Member
October 28, 2025
I tried this. After the failover, I collected some logs for TAC and then did a general cleanup of all sessions, because I thought it might be related. However, the environment didn't stabilize; it only stabilized when I restarted HA. Regarding heartbeat, we have no problem. HA only failed over when the RAM failed. After that, all failovers were in windows controlled by me, specifically to test the problem.

BillH_FTNT
Staff
October 28, 2025

Hi @MatheusSerrapede 

Could you share the ticket number? I could get some information from that to check the issue. Thanks

Bill