Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
HernandezA
Staff
Staff

Created on ‎09-06-2024 09:54 AM Edited on ‎09-10-2024 08:02 AM By Moderator

Article Id 339625

Troubleshooting Tip: FortiAnalyzer HA could not be performed with specific error message 'Firmware version mismatch'

Description This article describes how to perform a troubleshooting process when a FortiAnalyzer HA could not be performed with a specific error message 'Firmware version mismatch'.
Scope Fortianalyzer.
Solution

Pre-requisites: Define HA topology and IP addressing.

 

HernandezA_0-1725635250912.png

 

Steps:

  1. Validate the current issue scope and error message. In this case, the HA cannot be created, and configuration cannot be synchronized in a HA topology with Active-Active roles where FAZ01 must have the primary roles and FAZ02 must have the secondary roles.
    1. HA status in FAZ01.

HernandezA_1-1725635250916.png

 

  1. HA status in FAZ02:

 

HernandezA_2-1725635250918.png

 

  1. Confirm the exact error message that is related with the version mismatch.
  1. Confirm the current version in each FortiAnalyzer node, either using the CLI (get system status) or the GUI.
  1. The current version is in FAZ01.      

 

HernandezA_3-1725635250927.png

 

  1. Current version in FAZ02.

 

HernandezA_4-1725635250935.png

 

 

  1. In this example, the presence of different versions was confirmed. It is therefore necessary to upgrade match versions, best scenario go to most recent version. (can refer to following link to upgrade process) Upgrading FortiAnalyzer Firmware - Fortinet Community.

 

  1. After an upgrade, the status remains in deploying and cannot be synchronized.

 

HernandezA_5-1725635250938.png

 

HernandezA_6-1725635250941.png

 

  1. We proceeded to verify configurations in HA parameters to identify some mismatch.
  1. HA Parameters in FAZ01.

 

HernandezA_7-1725635250944.png

 

  1. HA parameters in FAZ02.

 

HernandezA_8-1725635250948.png

 

  1. The main configuration for HA according to topology design is correct using the VRRP, group, password, and heartbeat interfaces.

 

  1. After a while, the synchronization was not performed. In this experiment, the HA status was validated in both sides and it was identified that both had the same priority.
    1. FAZ01 HA status:

     

HernandezA_23-1725637233776.png

         

  1. FAZ02 HA status:

 

HernandezA_10-1725635250949.png

    

  1. It is necessary to change the priority to FAZ01 to make the HA start up and synchronize.

 

HernandezA_11-1725635250949.png

 

  1. Verified synchronization was completed and HA came up, but the roles were not taken correctly. In this case, the FAZ01 was marked as secondary, which does not suit the intended design.

 

HernandezA_12-1725635250953.png

 

  1. HA status in FAZ01.

 

HernandezA_13-1725635250960.png

 

  1. HA Status in FAZ02.

            HernandezA_14-1725635250968.png

 

  1. It was necessary to perform a failover of the HA due to having already confirmed the priority is higher in FAZ01, and the role was selected as primary. Consequently, a recalculation of the HA must be performed. To perform the failover, the following command was used in FAZ01.

 

HernandezA_15-1725635250969.png     

  1. After performing a failover, it was possible to confirm the roles were correctly assigned according to design, and the configuration was synchronized.

 

  1. HA main status in GUI.

 

HernandezA_16-1725635250979.png

           

  1. HA Status in FAZ01.

 

HernandezA_17-1725635250989.png

 

HernandezA_18-1725635251000.png

        

  1. HA status in FAZ02.

HernandezA_19-1725635251012.png

 

 HernandezA_20-1725635251026.png

 

Related articles:

Technical Tip: FortiAnalyzer HA Configuration and Troubleshooting
Labels:
407
Suggest New Article
Article Feedback
Comments
cmartinez1
Staff
Staff
‎09-06-2024 10:02 AM

Thanks for the information, it was very helpful.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.