FortiGate
caunon
Staff
Article Id 417161
Description

This article describes an issue where the FortiGate HA primary unit displays 'Status: Unknown' under System -> HA after modifying the group-ID.

Scope

FortiGate v7.4.6.

Solution

After changing FortiGate’s Group ID, FortiGate HA status may display 'Unknown' under System -> HA.

To change the Group ID via GUI:
Go to System -> HA, choose the Primary unit -> Edit -> High Availability -> Cluster Settings -> Group ID.

To change the Group ID via CLI:

config system ha
    set group-id 156
end

Packet captures on the primary device may show it sending SYN packets while the peer responds with RST, indicating a connection reset.


diagnose sniffer packet any 'host 169.254.0.1 or host 169.254.0.2' 4 100 l
interfaces=[any]
filters=[host 169.254.0.1 or host 169.254.0.2]
2025-06-16 17:53:58.223731 port_ha out 169.254.0.1.11728 -> 169.254.0.2.703: syn 671146948
2025-06-16 17:53:58.223738 ha1 out 169.254.0.1.11728 -> 169.254.0.2.703: syn 671146948
2025-06-16 17:53:58.223797 port_ha in 169.254.0.2.703 -> 169.254.0.1.11728: rst 0 ack 671146949
2025-06-16 17:53:58.223881 port_ha out 169.254.0.1.20994 -> 169.254.0.2.703: udp 360

The following errors are seen in the hatalk/hasync debugs on the Primary unit:

diagnose debug application hatalk -1
diagnose debug application hasync -1
diagnose debug enable
2025-06-16 16:12:07 <hasync:WARN> conn=0xc5d8700 connect(169.254.0.2) failed: 111(Connection refused)
2025-06-16 16:12:07 <hasync:WARN> conn=0xc5d8700 abort: rt=-1, dst=169.254.0.2, sync_type=3(fib)
2025-06-16 16:12:07 <hasync:WARN> conn=0xc5d8700 connect(169.254.0.2) failed: 111(Connection refused)
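
To confirm the same signature in saved output, the following Python script pairs each SYN in the sniffer capture with the RST that acknowledges it and lists the peers for which hasync logged errno 111. It is an added example, not Fortinet code; the function names `refused_syns` and `refused_peers` are hypothetical, and the sample input is copied from the output shown above.

```python
import re

# Sniffer line layout as printed on this page (verbosity 4, local timestamps):
#   <date> <time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <info>
SNIFF = re.compile(r"^\S+ \S+ \S+ (?:in|out) "
                   r"(\d+(?:\.\d+){3})\.(\d+) -> (\d+(?:\.\d+){3})\.(\d+): (.*)$")
REFUSED = re.compile(r"<hasync:WARN> conn=\S+ connect\(([^)]+)\) failed: 111\(")


def refused_syns(sniffer_text):
    """Return (client, server, port) for every SYN answered by a matching RST."""
    pending, hits = {}, []          # pending: flow 4-tuple -> SYN sequence number
    for line in sniffer_text.splitlines():
        m = SNIFF.match(line.strip())
        if not m:
            continue                # header lines such as interfaces=[any]
        src, sport, dst, dport, info = m.groups()
        syn = re.fullmatch(r"syn (\d+)", info)
        rst = re.fullmatch(r"rst \d+ ack (\d+)", info)
        if syn:
            pending[(src, sport, dst, dport)] = int(syn.group(1))
        elif rst:
            # The RST travels the reverse path and acknowledges SYN seq + 1.
            flow = (dst, dport, src, sport)
            if flow in pending and int(rst.group(1)) == (pending.pop(flow) + 1) % 2**32:
                hits.append((dst, src, int(sport)))
    return hits


def refused_peers(debug_text):
    """Return the set of peer addresses for which hasync logged errno 111."""
    return set(REFUSED.findall(debug_text))


# Sample input: the capture and debug lines printed earlier on this page.
SNIFFER_SAMPLE = """\
interfaces=[any]
2025-06-16 17:53:58.223731 port_ha out 169.254.0.1.11728 -> 169.254.0.2.703: syn 671146948
2025-06-16 17:53:58.223738 ha1 out 169.254.0.1.11728 -> 169.254.0.2.703: syn 671146948
2025-06-16 17:53:58.223797 port_ha in 169.254.0.2.703 -> 169.254.0.1.11728: rst 0 ack 671146949
2025-06-16 17:53:58.223881 port_ha out 169.254.0.1.20994 -> 169.254.0.2.703: udp 360
"""
DEBUG_SAMPLE = """\
2025-06-16 16:12:07 <hasync:WARN> conn=0xc5d8700 connect(169.254.0.2) failed: 111(Connection refused)
2025-06-16 16:12:07 <hasync:WARN> conn=0xc5d8700 abort: rt=-1, dst=169.254.0.2, sync_type=3(fib)
"""

if __name__ == "__main__":
    print("SYN answered by RST:", refused_syns(SNIFFER_SAMPLE))
    print("hasync refused by:", sorted(refused_peers(DEBUG_SAMPLE)))
```

A peer that appears in both results matches the signature described in this article.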

This issue has been resolved in:
v7.4.9 (available to download from the Fortinet support portal)
v7.6.5 (scheduled to be released in December 2025)
v8.0.0 (scheduled to be released in March 2026)
These timelines for firmware release are estimated and may be subject to change.

Workaround:
Restart the hasync daemon on the secondary device using the command 'fnsysctl killall hasync'.
Or:
Reboot the secondary device using the command 'execute reboot'.

Related documents:
Technical Tip: How to access secondary unit of HA cluster via CLI 
BUG 1170958 7.4.9 fortios release notes