Technical Tip: HA not Syncing - cheksum dump: 00 0...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 389339

Description

The article describes an issue with the HA pair not syncing the configuration, and the 'get sys ha status' command
Returns all zeros for the secondary device.

Scope

FortiGate.

Solution

When configuring certain interfaces as HBDEV, both the master and slave in the HA cluster experience heartbeat (HB)
packet drops, out-of-sync state, and a checksum dump showing all zeros.

Configuration Status:

FG12XXXXXXXXXXX(updated 4 seconds ago): in-sync
FG12XXXXXXXXXXX chksum dump: 55 3e 1d 50 e6 74 82 f6 da 6b 05 7e 09 60 e9 95
FG12XXXXXXXXXXX(updated 1744722639 seconds ago): out-of-sync <----- Seems like invalid time counter.
FG12XXXXXXXXXXXX chksum dump: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <-----

Upon investigation, the root cause was identified as the (Virtual routing and forwarding) VRF configuration of the heartbeat interface being set to non-zero.

Note:

For the affected devices, this behavior is fixed in v7.6.3.

509

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: HA not Syncing - cheksum dump: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

You are leaving our website