Description
This article lists the debugs that should be collected when troubleshooting HA issues.
Scope
FortiGate.
Solution
- The following debugs should be collected for any HA-related issues:
diagnose debug enable
diagnose debug console timestamp enable
diagnose debug application hatalk -1 <----- HA formation issues
diagnose debug application hasync -1 <----- HA Sync issues.
diagnose debug disable <----- Command to disable the debug.
- Run the following on both Primary/Secondary units and collect the info:
get system performance status
get system status
get system ha status
diagnose sys ha status
diagnose sys ha history read
diagnose debug crashlog read
diagnose sys ha checksum show
execute ha synchronize start
diagnose sys ha dump 5
diagnose sys ha dump-by group
To access the secondary device in the CLI, run the following:
execute ha manage <Index-ID> <Admin-Username>
See: Technical Tip: How to access the secondary unit from the primary with the 'execute ha manage' comman....
- Packet captures for seeing communication between HA ports:
diagnose hardware device nic <heart beats interface>
diagnose sniffer packet port_ha "" 4 <----- port_ha should be the heartbeat interface.
- Collect the FortiGate’s HA and System EVENT logs for both units downloaded from the GUI/FortiAnalyzer or syslog (remote) server.
Related articles:
Technical Tip: Procedure for HA manual synchronization
Technical Tip: Rebuilding an HA cluster
