Hsharma
Staff
Article Id 312227
Description This article describes how to resolve an HA sync issue due to 'set speed auto' in the 'config system interface' configuration.
Scope FortiGate.
Solution

The output below shows that the cluster is out of sync due to a 'system.interface' checksum mismatch:

 

diagnose system ha checksum show global
FG1 # system.interface: 5n6nd4na500787a76a4f4fcedfasg4dgh3h2 <===
FG2 # system.interface: 6dhjh3hw364ee4e44ad76ca0e32a676df4ft <===

 

The interface configuration for port1 between the primary and secondary devices differs, as the default setting of 'set speed auto' is visible on the primary device:

 

show system interface port1
    edit "port1"
        set vdom "global"
        set ip x.x.x.x 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "XYZ"
        set device-identification enable
        set role lan
        set speed auto <---
    next

 

'set speed auto' is the default setting and should not be displayed by the 'show system interface port1' command. However, on the secondary HA cluster member, 'set speed auto' is not displayed:

 

show system interface port1
    edit "port1"
        set vdom "global"
        set ip x.x.x.x 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "XYZ"
        set device-identification enable
        set role lan
    next

  

Because of this difference in configuration, the interface object is not the same on the two members, which results in the sync issue.
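The comparison made above by eye can be scripted when more interfaces are involved. The following Python script is an added example, not code from the original article or from Fortinet: it parses the two 'show system interface' outputs shown above and lists every setting that is displayed on only one member or with a different value. The function names are hypothetical, and flat 'edit ... next' blocks are assumed.

```python
import re

# Transcribed from the article's two outputs (the '<---' marker is dropped).
PRIMARY = '''    edit "port1"
        set vdom "global"
        set ip x.x.x.x 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "XYZ"
        set device-identification enable
        set role lan
        set speed auto
    next
'''
# The secondary member shows the same block without the 'set speed auto' line.
SECONDARY = PRIMARY.replace("        set speed auto\n", "")

def parse_edit_blocks(text):
    """Return {entry: {setting: value}}; assumes no nested 'config ... end'."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = blocks.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, *rest = line.split(None, 2)
            current[key] = rest[0] if rest else ""
    return blocks

def diff_members(primary_text, secondary_text):
    """List (entry, setting, primary, secondary); None = not displayed."""
    a, b = parse_edit_blocks(primary_text), parse_edit_blocks(secondary_text)
    diffs = []
    for entry in sorted(set(a) | set(b)):
        sa, sb = a.get(entry, {}), b.get(entry, {})
        for key in sorted(set(sa) | set(sb)):
            if sa.get(key) != sb.get(key):
                diffs.append((entry, key, sa.get(key), sb.get(key)))
    return diffs

if __name__ == "__main__":
    for entry, key, pri, sec in diff_members(PRIMARY, SECONDARY):
        print(f"{entry}: '{key}' primary={pri!r} secondary={sec!r}")
```
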

 

The solution for this issue is as follows:

  • Go to the device where speed is not showing as a default setting.
  • Go to the interface and set the speed to any other setting. For example, set speed 1000full.
  • Save the settings by exiting the interface settings.
  • Go back to the interface again, set the speed back to auto, then save the configuration.
  • The default speed auto should be seen in the interface settings on both devices.
  • Recalculate the checksum on both the primary and secondary devices with the command below:

 

     diagnose system ha checksum recalculate

 

After recalculating the checksum, the issue should be resolved, and both devices will be in synchronization again. 

 

If the issue is still not resolved, verify the configuration of other objects whose checksum is different. 

Refer to the article below to compare the checksum. 

Technical Tip: Troubleshooting a checksum mismatch in a FortiGate HA cluster