Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akanibek
Staff
Staff

Created on ‎07-25-2025 01:44 AM Edited on ‎09-22-2025 05:13 AM By Moderator

Article Id 403516

Technical Tip: FortiGate HA Out-of-sync issue on v7.6.3

Description

This article provides a workaround for the HA Out-of-Sync issue observed on firmware version 7.6.3. The issue can occur in both Active-Active and Active-Passive HA configurations.
Scope FortiGate v7.6.3 GA.
Solution

Zero-day malware stream scanning NEW, which allows FortiGate devices to receive IOCs using a new daemon ‘fortimq’.  However, this issue causes an out-of-sync state between HA cluster members:

 

2025-07-17 17_47_18-FortiGate - fgt01 — Mozilla Firefox.png

 

The known issue is under investigation, and until it is listed as resolved in a feature release, the feature should be disabled as a workaround:

  1. Go under FortiGate Primary GUI -> Security Profiles -> AntiVirus -> Select profile, where the feature is enabled -> Virus Outbreak Prevention, and disable ‘Use 0-day malware stream scanning’.
  2. Select 'OK' to save profile changes.

 

GUI_settings.png

 

  1. If required, manually resynchronize the HA cluster by following the KB article: Technical Tip: Procedure for manual synchronization for HA out-of-sync issue.

Note: The fix for this issue will be available on the FortiOS releases v7.6.4 and v8.0.0.
496
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.