This article describes how to avoid unexpected HA behavior of FortiGate-VM on specific VMware ESXi environments.

VMware ESXi, FortiOS 7.2.2 and before, and 7.0.7 and before.

After shutting down the HA primary unit and then restarting it, the uptime for both nodes is zero, and it fails back to the former primary unit.

If HA broadcast heartbeat is configured on FortiGate-VM HA pair on a specific VMware ESXi environment, the HA broadcast heartbeat packet is sent and received by itself.
This may cause unexpected HA behavior on the FortiGate-VM HA pair.

For example, sometimes HA uptime is reset to 0 and HA primary/secondary takes over, unexpectedly.

According to following VMware's KB article, this may happen on specific condition;

In a NIC teamed environment where multiple uplinks are configured for a virtual switch and a port channel or LACP is not configured on the physical switch.

https://kb.vmware.com/s/article/59235?lang=en_us

To avoid the issue, on ESXi, '/Net/ReversePathFwdCheckPromisc' setting must be enabled with the following ESXCLI command,

esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1