FortiGate
VinayHM
Staff
Article Id 267132
Description This article describes how to break the HA cluster and re-add the device.
Scope When the HA devices are out of sync and there are too many checksum mismatches,
it takes too much time to bring them back in sync by calculating each and every checksum.
Solution

Step 1:

  • Remove the network cables first.
  • Disconnect the HA (heartbeat) cables.


Step 2:

  • Reset the slave.
  • Configure the basic HA settings on the slave device.


For the basic settings on the slave device, enter the commands below:

 

config system ha
    set group-id <group id>
    set group-name <cluster name>
    set hbdev <heartbeat interfaces and priority>
    set password <set plain-text cluster password>
    set priority <set a LOWER priority here to ensure the unit remains secondary>
    set mode <a-a or a-p, mirror from above>
    set override disable <recommended to ensure the new unit cannot take over as primary initially>
end

 

Make sure HA override is disabled on both devices and that the master has a higher priority than the slave.

 

  • The current master should have the highest priority, and the slave's priority should be lower than the master's.
  • After the basic HA configuration is done on the slave device, connect only the heartbeat interface and wait until the device comes in sync.

Use the following command to check the HA sync status.

 

        get sys ha status

 

  • Once it is in sync, connect the network cables.
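
The checks from Step 2 (override disabled on both units, the secondary's priority lower than the primary's, matching cluster identity) can be verified offline before the heartbeat cable is connected. The following is an added example, not part of the original article or Fortinet tooling; the function names and sample values are hypothetical, and it assumes both inputs are the settings as typed in the block format shown above.

```python
# Added example: pre-flight check of planned HA settings for both units.
# Assumption: priority and override appear explicitly, as in the article's block.
MUST_MATCH = ("group-id", "group-name", "mode", "password")

def parse_ha_block(text):
    """Return the 'set' key/value pairs found inside 'config system ha'."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config system ha":
            inside = True
        elif line == "end":
            inside = False
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings

def preflight(primary_cfg, secondary_cfg):
    """List reasons not to connect the heartbeat yet (values are never echoed)."""
    pri, sec = parse_ha_block(primary_cfg), parse_ha_block(secondary_cfg)
    problems = []
    for key in MUST_MATCH:
        a, b = pri.get(key), sec.get(key)
        # Assumption: a stored password shows as "ENC ..." and cannot be compared as text.
        if key == "password" and any(v and v.startswith("ENC ") for v in (a, b)):
            continue
        if a is None or b is None or a != b:
            problems.append(f"{key} missing or different")
    for name, cfg in (("primary", pri), ("secondary", sec)):
        if cfg.get("override") != "disable":
            problems.append(f"override not disabled on {name}")
    try:
        if int(sec["priority"]) >= int(pri["priority"]):
            problems.append("secondary priority is not lower than primary")
    except (KeyError, ValueError):
        problems.append("priority missing or not numeric")
    return problems

# Constructed sample settings (hypothetical names and values).
PRIMARY = """config system ha
    set group-id 10
    set group-name lab-cluster
    set mode a-p
    set hbdev port3 50
    set password example-secret
    set priority 200
    set override disable
end"""
SECONDARY = PRIMARY.replace("set priority 200", "set priority 100")

if __name__ == "__main__":
    print(preflight(PRIMARY, SECONDARY) or "settings consistent")
```

An empty result means the planned settings satisfy the article's conditions; sync status itself is still confirmed on the device with the command above.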

 

Related articles:
Troubleshooting Tip: HA synchronization issue, cluster out of sync.
Troubleshooting Note : FortiGate HA synchronization messages and cluster verification steps.