FortiGate
Rosalyn, Staff
Article Id 213423
Description

This article describes how to resync the IPsec tunnel on a secondary HA unit when it is down.
Scope

The IPsec tunnel on the secondary FortiGate does not itself negotiate with the remote firewall/router the way the primary FortiGate does.

The IPsec tunnel status is synchronized from the primary FortiGate to the secondary by the hasync process.

Hence, it is possible to restart the hasync process on the primary to force the tunnel status to be resynchronized to the secondary.

Solution

Log in to the primary FortiGate, locate the PID of the hasync process, and restart it.

Here is the example:

FGT # diagnose sys top
Run Time:  2 days, 23 hours and 18 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 2010T, 541F
          hasync     1504      S <     0.5     1.9
          hatalk     1501      S <     0.5     0.5
          fcnacd      209      S       0.0     4.6
         reportd      170      S       0.0     2.4

To restart the process, send it signal 11 using the PID shown in the output above (1504 here):

diagnose sys kill 11 1504

After that, verify the IPsec tunnel status on the secondary unit.

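As an added example (not Fortinet's own code), the Python helper below parses captured `diagnose sys top` output in the layout shown above, picks out the PID of a named process such as hasync, and builds the matching `diagnose sys kill` line. It copes with the optional "<" priority marker after the state column and refuses to produce a command when the process is missing or listed more than once, so the wrong PID is never signalled. The sample output is constructed to mirror the one in this article.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the layout of `diagnose sys top` shown in this article
# (columns: process name, PID, state with optional "<" priority marker, CPU%, MEM%).
SAMPLE_TOP = """\
Run Time:  2 days, 23 hours and 18 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 2010T, 541F
          hasync     1504      S <     0.5     1.9
          hatalk     1501      S <     0.5     0.5
          fcnacd      209      S       0.0     4.6
         reportd      170      S       0.0     2.4
"""

# One process row; the "<" after the state is optional, so a naive
# whitespace split would give rows a varying number of fields.
_ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s*<)?\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_sys_top(output: str) -> Dict[str, List[dict]]:
    """Map process name -> list of rows (a name may appear more than once)."""
    procs: Dict[str, List[dict]] = {}
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:  # "Run Time" and CPU/memory summary lines do not match
            continue
        name, pid, state, cpu, mem = m.groups()
        procs.setdefault(name, []).append(
            {"pid": int(pid), "state": state, "cpu": float(cpu), "mem": float(mem)})
    return procs


def find_pid(output: str, name: str) -> Optional[int]:
    """PID of `name`, or None if absent; refuses to guess when several rows match."""
    rows = parse_sys_top(output).get(name, [])
    if len(rows) != 1:
        return None
    return rows[0]["pid"]


def restart_command(output: str, name: str, signal: int = 11) -> str:
    """Build the `diagnose sys kill` line for `name` from the PID in the capture."""
    pid = find_pid(output, name)
    if pid is None:
        raise LookupError(f"no unique {name!r} row in diagnose sys top output")
    return f"diagnose sys kill {signal} {pid}"


if __name__ == "__main__":
    print(restart_command(SAMPLE_TOP, "hasync"))  # diagnose sys kill 11 1504
```
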
Related article:

Technical Tip: Restarting internal processes/daemons