majid23
Staff
Article Id 411512
Description This article describes an issue observed on FortiGate devices running FortiOS versions 7.4.7 and 7.4.8, where duplicate FortiSwitch entries appear in the Managed FortiSwitches section after transitioning from standalone mode to HA Active-Passive mode. 
Scope FortiGate v7.4.
Solution

After transitioning a FortiGate from standalone mode to HA (Active-Passive) mode, duplicate FortiSwitch entries may appear in the Managed FortiSwitches section. Each switch may be listed twice (once with its hostname and once with only its serial number). This is a known issue in FortiOS v7.4.7 and has also been observed in other v7.4 firmware versions.

The duplicate entries persist across HA failovers and reappear even after being manually deleted, including during failback events. 
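
The duplicate pattern described above (the same switch listed once under its hostname and once under its serial number) can be checked for in a configuration backup. The following Python code is an added example, not Fortinet code; it assumes each entry under 'config switch-controller managed-switch' records its serial number with 'set sn', and the sample configuration and its serial numbers are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample of a configuration backup excerpt; serials are placeholders.
SAMPLE_CONFIG = """
config switch-controller managed-switch
    edit "ACCESS-SW-01"
        set sn "S000EXAMPLE00001"
        config ports
            edit "port1"
            next
        end
    next
    edit "S000EXAMPLE00001"
        set sn "S000EXAMPLE00001"
    next
    edit "S000EXAMPLE00002"
        set sn "S000EXAMPLE00002"
    next
end
"""

def managed_switches(config_text):
    """Return (switch_id, serial) pairs from the managed-switch table."""
    entries, depth, switch_id, serial = [], 0, None, None
    for raw in config_text.splitlines():
        words = [w.strip('"') for w in raw.split()] or [""]
        if depth == 0:  # outside the table: wait for its opening line
            if words == ["config", "switch-controller", "managed-switch"]:
                depth = 1
        elif words[0] == "config":  # nested table such as 'config ports'
            depth += 1
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            switch_id, serial = words[1], None
        elif depth == 1 and words[:2] == ["set", "sn"] and len(words) > 2:
            serial = words[2]
        elif depth == 1 and words[0] == "next" and switch_id:
            # Assumption: an entry without 'set sn' is keyed by its serial number.
            entries.append((switch_id, serial or switch_id))
            switch_id = None
    return entries

def duplicate_switches(entries):
    """Map each serial listed under more than one switch ID to those IDs."""
    by_serial = defaultdict(list)
    for switch_id, serial in entries:
        by_serial[serial].append(switch_id)
    return {sn: ids for sn, ids in by_serial.items() if len(ids) > 1}
```

Calling duplicate_switches(managed_switches(text)) on the text of a backup returns an empty dictionary when no serial number is listed twice.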

 

Resolution:

A permanent fix has been implemented in FortiOS v7.6.4, where the daemon 'fortilinkd' now validates FortiLink connections against serial numbers instead of switch IDs, the managed-switch rename function has been optimized, and 'disable-discovery' behavior is handled consistently for different FortiLink types.

Workaround:

For some environments, the following CLI command can be used to prevent duplicate entries from appearing. However, on affected firmware versions it is not safe to apply in production environments since it can cause the FortiLink trunk to go down, depending on the FortiLink type and MCLAG status.

 

config switch-controller global
    set disable-discovery <FSW1-serial-number> <FSW2-serial-number> ...
end

This command disables automatic discovery for the specified FortiSwitch serial numbers, which ensures the switch is not re-added as a duplicate during HA failover or failback events. If the switch is already authorized, it remains authorized after 'disable-discovery' is set for its serial number. However, as stated previously, this must only be attempted during a maintenance window or when there will be no production impact.

To revert the change, use 'unset disable-discovery':

config switch-controller global
    unset disable-discovery
end

The disable-discovery behavior is optimized for all topologies in FortiOS v7.6.4 and later to prevent the switch from going offline after disable-discovery is configured.