dkochhar
Staff
Article Id 390402
Description This article describes how to resolve HA out-of-sync due to the 'system.fortiguard' parameter.
Scope FortiGate
Solution

This issue occurs after an upgrade to v7.4.1/v7.2.6 when the FortiGate is managed through FortiManager: a change to 'auto-firmware-upgrade' is pushed via FortiManager, but after a reboot the setting reverts to its default value.

The GUI indicates that the HA is out of sync on the 'system.fortiguard' parameter.

Before the upgrade, both devices were in sync:


FGT1 (global) # get system ha status

FGT60FTKXXXXXXX(updated 4 seconds ago): in-sync
FGT60FTKXXXXXXX chksum dump: 59 6b 80 f9 9a fb e6 a9 73 c3 8b f6 a5 bc 1c 92
FGT60FTKXXXXXXX(updated 4 seconds ago): in-sync
FGT60FTKXXXXXXX chksum dump: 59 6b 80 f9 9a fb e6 a9 73 c3 8b f6 a5 bc 1c 92

The following change is pushed through FortiManager:

FGT1 (global) # show sys fortiguard
config system fortiguard
    set auto-firmware-upgrade disable     <-----
end

 

Reboot the Master unit:

 

FGT1 (global) # execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)y

 

After the reboot, 'auto-firmware-upgrade' is set back to its default value (enable) on the unit that was rebooted, so the setting no longer appears in the configuration:

 

FGT1 (global) # show sys fortiguard
config system fortiguard
end

 

As a result, the HA configuration becomes out of sync.

 

Configuration Status:


FGT60FTKXXXXXXXX(updated 2 seconds ago): out-of-sync
FGT60FTKXXXXXXXX chksum dump: 4b 5b 37 5c e0 85 41 0c e5 0c a0 2f 4e 6c e9 3b
FGT60FTKXXXXXXXX(updated 3 seconds ago): in-sync
FGT60FTKXXXXXXXX chksum dump: 42 6b 3c 5e 9a cf 14 3e 59 c6 3a f1 22 a5 ef 8f

 

This is a known issue that has been resolved in v7.2.8 and v7.4.2.
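
The two status outputs above can be checked automatically. This is an added example, not part of the original article or any Fortinet tooling: a Python parser for the 'in-sync'/'out-of-sync' and 'chksum dump' lines that reports whether the cluster has drifted. The function names are hypothetical, the sample text is constructed from the masked output in this article, and the line formats are assumed to be exactly as shown here.

```python
import re

# "SERIAL(updated N seconds ago): in-sync|out-of-sync"
STATUS_RE = re.compile(r"^(\S+?)\(updated \d+ seconds? ago\):\s*(in-sync|out-of-sync)$")
# "SERIAL chksum dump: xx xx xx ..."
CHKSUM_RE = re.compile(r"^\S+ chksum dump:\s*((?:[0-9a-fA-F]{2}\s*)+)$")


def parse_ha_config_status(text):
    """Return one dict per cluster member, in the order printed.

    Members are tracked by position, not keyed by serial number, because
    masked or truncated serials (as in this article) can be identical.
    """
    members = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STATUS_RE.match(line)
        if m:
            members.append({"serial": m.group(1), "status": m.group(2), "chksum": None})
            continue
        m = CHKSUM_RE.match(line)
        if m and members and members[-1]["chksum"] is None:
            members[-1]["chksum"] = "".join(m.group(1).split()).lower()
    return members


def out_of_sync_members(members):
    """Indexes of members whose reported status is out-of-sync."""
    return [i for i, mem in enumerate(members) if mem["status"] == "out-of-sync"]


def cluster_in_sync(members):
    """True only if every member reports in-sync AND all checksums are equal."""
    checksums = {mem["chksum"] for mem in members}
    same = len(checksums) == 1 and None not in checksums
    return bool(members) and not out_of_sync_members(members) and same


# Constructed sample: the masked out-of-sync output shown in this article.
SAMPLE_OUT_OF_SYNC = """\
FGT60FTKXXXXXXXX(updated 2 seconds ago): out-of-sync
FGT60FTKXXXXXXXX chksum dump: 4b 5b 37 5c e0 85 41 0c e5 0c a0 2f 4e 6c e9 3b
FGT60FTKXXXXXXXX(updated 3 seconds ago): in-sync
FGT60FTKXXXXXXXX chksum dump: 42 6b 3c 5e 9a cf 14 3e 59 c6 3a f1 22 a5 ef 8f
"""

if __name__ == "__main__":
    members = parse_ha_config_status(SAMPLE_OUT_OF_SYNC)
    print("in sync:", cluster_in_sync(members), "| out-of-sync:", out_of_sync_members(members))
```

Comparing the checksums as well as the status labels catches the case where the labels and the dumps disagree, and running the check after every FortiManager push or reboot surfaces a silent revert of 'auto-firmware-upgrade' before it affects change control.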

 

Related article:

Troubleshooting Tip: How to troubleshoot HA synchronization issue using GUI and CLI on FortiGate/For...