Created on
03-13-2025
09:38 AM
Edited on
03-14-2025
08:23 AM
By
Jean-Philippe_P
Description |
This article describes expected split-brain behavior when additional VDOMs are configured in a cluster with inconsistent VDOM licensing.
While the issue is occurring, a message similar to the following is visible in hatalk:
'HA cannot be formed because the HA peer '<serial number>' has <M> vdoms. It exceeds the maximum number of vdoms allowed on this box, which only allows maximum <N> vdoms.' |
Scope | FortiGates in High availability cluster. |
Solution |
Requirements to form a FortiGate Clustering Protocol (FGCP) HA cluster include those listed in v7.6.2 Administration Guide: Troubleshoot an HA formation.
FGT-A # config global FGT-A (global) # get system status | grep "Max number" FGT-B (global) # get system status | grep "Max number"
FGT-A # config vdom FGT-A (vdom) # edit ? vdom-03 vdom-05 vdom-07 vdom-09
Warning: The following configuration will cause split-brain in this scenario.
FGT-A # config vdom FGT-A (vdom-11) #
Split-brain is a serious condition where the cluster does not form and each device acts as primary. This will cause degraded network performance until the issue is resolved. See the article Technical Tip: High Availability - Split Brain.
FGT-A (global) # diagnose debug application hatalk -1 FGT-A (global) # diagnose debug enable FGT-A (global) # <hatalk> parse options for 'FG6H1EBBBBBBBBBB', packet_version=8
FGT-B (global) # diagnose debug application hatalk -1 FGT-B (global) # diagnose debug enable FGT-B (global) # <hatalk> parse options for 'FG6H1EAAAAAAAAAA', packet_version=8
Resolution: FGT-A # config vdom FGT-A (vdom) # delete vdom-11 FGT-A (vdom) #
If neither HA device supports additional VDOMs, attempting to configure an excess VDOM will be rejected and split-brain will not occur.
FGT-A (vdom) # edit vdom-11
This issue is only relevant for models that support expanding the allowed number of VDOMs. Check a product's datasheet for its maximum and default number of supported VDOMs to verify if it supports VDOM expansion. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.