FortiGate
ahabibov
Staff
Article Id 342163
Description

 

This article describes how to fix an issue where there is only one FortiGate HA cluster in the network, yet the cluster has difficulty getting an IP address from DHCP, assuming the DHCP server belongs to an ISP.

 

Solution

 

Normally, when there is only one FortiGate HA cluster in the network, there is no need to change the 'group-id' value, because there is no conflict of virtual MAC addresses inside the network. By default, the HA 'group-id' value is 0.

However, there are specific cases, such as when the FortiGate cluster is connected to an ISP and needs to get an IP address from a DHCP server located in the ISP network.

 

If the FortiGate has difficulty getting an IP address from DHCP in this case, it is possible that another FortiGate HA cluster in the ISP network (or, most probably, in the network of another subscriber connected to the same ISP) is also getting an IP address from the DHCP server, and the virtual MAC addresses of the two clusters conflict on the ISP device.

In this case, it is recommended to change the 'group-id' value under HA settings to avoid such conflicts:

 

config system ha

    set group-id XX <----- (XX is an integer value from 0-255).

end

 

In FortiGate with VDOM setting:

 

config global

    config system ha

        set group-id XX <----- (XX is an integer value from 0-255).

    end

end
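
The following is an added example, not part of the original article or of Fortinet's tooling. It shows why two clusters left at the default 'group-id' collide and how to pick a value no other cluster on the segment is using. It assumes the virtual MAC layout from the FortiOS HA documentation (00:09:0f:09:<group-id>:<interface index>, single virtual cluster), which this article does not state; the function names and the neighbor list are constructed for illustration.

```python
import re

# Assumed layout (FortiOS HA documentation, not this article), valid for
# group-id 0-255 with a single virtual cluster:
#   00:09:0f:09:<group-id as one hex byte>:<interface index as one hex byte>
HA_VMAC_PREFIX = "00:09:0f:09"
VMAC_RE = re.compile(
    r"(?<![0-9a-f:-])00[:-]09[:-]0f[:-]09[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})(?![0-9a-f:-])",
    re.IGNORECASE,
)

# Constructed sample: neighbor entries seen on the ISP-facing segment.
SAMPLE_NEIGHBORS = """\
203.0.113.1   00:1b:21:aa:bb:01
203.0.113.57  00:09:0f:09:00:02
203.0.113.88  00-09-0F-09-07-00
"""


def virtual_mac(group_id, if_index):
    """Virtual MAC a cluster with this group-id presents on one interface."""
    if not 0 <= group_id <= 255 or not 0 <= if_index <= 255:
        raise ValueError("group-id and interface index must be 0-255")
    return f"{HA_VMAC_PREFIX}:{group_id:02x}:{if_index:02x}"


def group_ids_seen(neighbor_table):
    """group-id values encoded in HA virtual MACs found in a neighbor dump."""
    return {int(m.group(1), 16) for m in VMAC_RE.finditer(neighbor_table)}


def pick_group_id(current, neighbor_table):
    """Keep the current group-id if it is unused, else return the lowest free one."""
    used = group_ids_seen(neighbor_table)
    if current not in used:
        return current
    free = [g for g in range(256) if g not in used]
    if not free:
        raise ValueError("every group-id from 0-255 is already visible")
    return free[0]


if __name__ == "__main__":
    # Two clusters at the default group-id 0 present identical MACs.
    print(virtual_mac(0, 2), "==", virtual_mac(0, 2))
    print("suggested group-id:", pick_group_id(0, SAMPLE_NEIGHBORS))
```

The interface index depends on how FortiOS orders the interfaces on a given model, so compare the group-id byte (the fifth octet) rather than whole addresses when checking for a foreign cluster.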

 

Related article:

Technical Tip: A conflict HA virtual MAC address in the different HA cluster