FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes issues when FortiGate-120G/121G failed to get HA in sync after upgrading to v7.2.9.
Scope
FortiGate-120G/121G.
Solution
When upgrading the 120G/121G FortiGates in the HA cluster from the 7.0 branch to 7.2.9 some devices might experience issues with HA being out of sync, the HA GUI page not loading correctly, or not at all.
Users would need to check the HA configuration under 'config system ha'.
config system ha set group-name <name> set mode a-p set password ENC set hbdev "ha" 0 <------ set session-pickup enable set override disable set priority 1 set monitor "<port1>" "<port2>" end
If the 'ha' port or 'mgmt' port is being used as a heartbeat port users will run into this issue after upgrading to 7.2.9. In these cases, a valid workaround or a temporary solution is to change the heartbeat port to another port.
config system ha
set hbdev "port10"
end
For users that have not yet upgraded to v7.2.9 and have 'ha' or 'mgmt' as heartbeat ports to not encounter this issue in v7.2.9, it would be necessary to change the heartbeat ports before the upgrade.
This issue is investigated under known issue ID 1056138 and the fix schedule is v7.2.11. If further information regarding the issue is needed, users must open a ticket with the TAC team.
