Skip to main content
Nick_Bligh
Nick_Bligh
New Member
June 26, 2018
Question

HA Sync Issue

  • June 26, 2018
  • 2 replies
  • 16968 views

I have two Fortigate 600C units in a HA cluster, the GUI states that the Slave is not syncronised with the Master, this is true as I have run a command and can see that the checksums are different. Fortinet say I should do the following:-

1. Take a backup of the Master from GUI

2. Rename the file to slave, change the hostname and proirity number in the file

3. Take Slave out of HA, Update config from GUI with Master config

4. Re join the HA

 

Surely there is a command to re rync the slave from the master config, does anyone know if there is such a command?

 

Any help greatly appreciated.

Nick.

 

    2 replies

    xxxsan
    xxxsan
    New Member
    June 26, 2018

    Not sure but you can use following link for troubleshooting.

    http://kb.fortinet.com/kb....do?externalID=FD36176

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    June 26, 2018

    I don't know what version you're running them but especially earlier versions of 5.2.x we experienced more than a couple of HA non-sync issues that once it fell into some certain conditions it would never come back to in-sync no matter what we adjusted in config to correct.

     

    To give the slave a fresh start, I would just break the HA and re-format the slave, reload the os image and configure only HA portion (config sys ha and mgmt interface) then normalize the cables and/or shutdown interfaces to put them back in HA operation. Just keep watching at console output, especially on the slave side, when the syncing process pregresses (It's entertaining if you keep checking the slave config how much it's copied over). You would see messages indicating it tries syncing, trying again...in a couple of cycles. If you want to speed up that process toward the end, you might want to run a command line to "recalculate checksum" on both master and slave a couple of times. The CLI is slightly different between major version. Be aware the slave would kick you off at the end of every cycle of syncing, so you have to re-logon when that happens.

     

    Nick_Bligh
    Nick_BlighAuthor
    New Member
    July 3, 2018

    Many thanks for info, I think that is the best option, i think if i just unplug all the interfaces re format, configure the HA part and mgmt interface, if i boot up with just the HA cable connected then once synronized i can plug all the other interface cables in, does that sound correct.

     

    Nick.

     

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    July 3, 2018

    Yes, of course.

    Terms & ConditionsAccessibility statement