Fortigate HA Issue - URGENT

Forum|Forum|9 years ago
April 21, 2017
2 replies
15356 views

Hello guys,

I've 2 600D firewall in HA (Active-Active) mode and we've 3 ISP. Between each ISP connection, there is a switch so that we can get two cable outputs for each firewall.

For temporary reasons, I had changed the ISP2 interface IP to all 0.0.0.0 (and also disconnected the cable) to test something else. And now, when I reassign the public IP to the same interface, it says "This IP is already in use by device 00:09:0f:09:00:15". This is Fortinet MAC address.

What am I missing here?

Details: HA: Active-Active

OS: 5.4.2

VDOM: Yes, 7 No's.

How can I fix this? Please help.

hklb

Visitor III

Hi,

The output message is on web interface or in CLI ?

Is your WAN interface is a VLAN?

Do you have the "sync-config enable" in conf sys ha?

is your cluster in in sync ?

Mac address "00:09:0f:09:00:15" is the mac address of master of slave device ?

digvijay2050Author

New Member

That is the output message I get on the Web Interface. On CLI it took the IP, but there was no internet connectivity.

No, its not a VLAN. Its an ISP Ethernet cable coming in, which then connects to an unmanaged switch and then two cables from the unmanaged switch to each firewall.

Yes, sync-config is enabled.

Upon research I found out that the MAC belongs to the ISP1 port. But I checked the config of ISP1 in both GUI and CLI and there is no trace of an IP Conflict between ISP1 and ISP2 ports.