FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.


This article provides a configuration change that can be tried when some or all of the Dynamic Routes in the new Master unit are lost in the routing table when a HA fail-over occurs.


FortiGate v4.0 and above


Set the "route-wait" value from 0 (the default value) to 2 or higher.
# conf sys ha
# set route-wait <2 or higher>
# end
"route-wait" is the time the primary unit waits after receiving a routing table update before sending the update to the subordinate units in its HA cluster. The route-wait range is from 0 to 3600 seconds.