jomof
New Member
May 17, 2024
Solved

Secondary cluster member not synchronizing with the Primary


Hello Expert,

 

We have two 400E FortiGates in an HA cluster.
This afternoon we temporarily shut down the secondary member to facilitate changing a defective patch cable which was connected to the respective HA ports on the active and passive device.
The defective cable was removed and replaced with a new one.
When the secondary FortiGate was repowered, during checking of the system status it was discovered that HA was out of sync.
I humbly request your assistance to fix same.

Best answer by ozkanaltas

Hello @jomof,

 

This change you make should not affect traffic.

 

The reason the FortiGates cannot synchronize is that the priority is in an unacceptable range. In old versions, you could set the priority value to 0, but in new versions you need to set it to a minimum of 1. This value did not change during the upgrade, even though it should have. This was corrected in the configuration check when the secondary device was turned on. If you change this value to 1 on the first device, the synchronization problem will be solved. Also, if you want to confirm this, you can run these commands on the secondary device and check the priority value.

 

config router static
edit 1
show full-configuration
end
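
An added example (not part of the original thread and not Fortinet tooling): a small Python check that reads the `config router static` section of `show full-configuration` output saved from each unit and reports priorities below the minimum of 1 named in the answer, or priorities that differ between the units. The sample configurations are constructed and the function names are assumptions of this example.

```python
import re

MIN_PRIORITY = 1  # lower bound stated in the answer; older firmware accepted 0

def static_route_priorities(config_text):
    """Return {route_id: priority or None} from the 'config router static' block."""
    routes, in_block, depth, rid = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config router static"
        elif line.startswith("config "):
            depth += 1                      # nested sub-table inside an entry
        elif line == "end":
            if depth == 0:
                break                       # end of the static route table
            depth -= 1
        elif depth == 0 and (m := re.fullmatch(r"edit (\d+)", line)):
            rid = int(m.group(1))
            routes[rid] = None              # priority not seen yet
        elif depth == 0 and rid is not None and (
                m := re.fullmatch(r"set priority (\d+)", line)):
            routes[rid] = int(m.group(1))
    return routes

def audit(primary_text, secondary_text):
    """List (route_id, message) findings for out-of-range or mismatched priorities."""
    pri = static_route_priorities(primary_text)
    sec = static_route_priorities(secondary_text)
    findings = []
    for rid in sorted(pri.keys() | sec.keys()):
        p, s = pri.get(rid), sec.get(rid)
        for unit, value in (("primary", p), ("secondary", s)):
            if value is not None and value < MIN_PRIORITY:
                findings.append((rid, f"{unit} priority {value} is below {MIN_PRIORITY}"))
        if p != s:
            findings.append((rid, f"priority differs: primary={p} secondary={s}"))
    return findings

# Constructed sample output; addresses are documentation ranges, not from the thread.
PRIMARY = """config router static
    edit 1
        set gateway 192.0.2.1
        set priority 0
    next
    edit 2
        set dst 198.51.100.0 255.255.255.0
        set priority 10
    next
end
"""
SECONDARY = PRIMARY.replace("set priority 0", "set priority 1")
```
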

3 replies

ozkanaltas
Valued Contributor III
May 17, 2024

Hello @jomof ,

 

You can review this document about troubleshooting the HA sync problem. 

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-HA-synchronization-issue/ta-p/193422

 

You can see which part is not synchronized on the GUI.

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-HA-out-of-synchronization/ta-p/273502

 

And also, did you try to make any changes on the primary unit? (Like creating an address object.) A configuration change triggers the HA sync process.

jomof (Author)
New Member
May 17, 2024

Hello Expert,

 

>> And also, did you try to make any changes on the primary unit? (Like creating an address object.) A configuration change triggers the HA sync process.

No.

Should I try a change to force a sync?

Thanks

 

Regards

ozkanaltas
Valued Contributor III
May 17, 2024

Hello @jomof ,

 

You can try, this is not a dangerous thing. 

ozkanaltas
Valued Contributor III
May 17, 2024

Hello @jomof ,

 

Can you change the priority on the master device to 1?

 

config router static
edit 1
set priority 1
end

 

jomof (Author)
New Member
May 17, 2024

>> Can you change the priority on the master device to 1?

Think so.

It is a production environment; a bit hesitant.

  
