|
Under System -> HA, it shows that system.interface table is out of sync. Recalculating the checksum does not help.
execute ha synchronize stop
execute ha synchronize start
di sys ha checksum recalculate
Manually comparing the system interface settings on both HA units revealed that one unit has interfaces labeled as x1 and x2, while the other unit has interfaces labeled as port a and b.
Example on one FortiGate showing x1 and x2 interfaces.
show system interface
config system interface
edit "x1"
set vdom "root"
next
edit "x2"
set vdom "root"
next
end
Example on another FortiGate not showing x1 and x2.
show system interface
config system interface
edit "a"
set vdom "root"
next
edit "b"
set vdom "root"
next
end
Upon checking the hardware status, one HA unit is showing Revision 1 and the other HA unit is showing Revision 2.
FortiGate-90G-01 # get hardware status
Model name: FortiGate-90G
ASIC version: SOC5
CPU: ARMv8
Number of CPUs: 8
RAM: 7548 MB
EMMC: 9982 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP7LITE Adapter (rev.)
Hardware Revision: Rev1
FortiGate-90G # get hardware status
Model name: FortiGate-90G
ASIC version: SOC5
CPU: ARMv8
Number of CPUs: 8
RAM: 7548 MB
EMMC: 9982 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP7LITE Adapter (rev.)
Hardware Revision: Rev2
The reason for HA out-of-sync is due to FortiGate 90G revision 1 and revision 2 have different interface names. For more information, refer to this article: Technical Tip: Members of FortiLink interface on FortiGate 90G with different hardware revisions.
It is recommended that both units in the HA cluster use the same hardware revision to ensure consistency.
If aligning hardware revisions is not possible, please consult a Fortinet Systems Engineer (SE) for further guidance.
|
