Dynamic capability values are by default, and they cannot be changed; it is a non-configurable value. This article has a solution where this value does not match in HA pair.

As the 'dynamic-capability' parameter is non-configurable and its behavior can vary across different FortiSwitch models, it is recommended to review the following Fortinet article for detailed guidance before attempting to unset or set this parameter to bring HA into sync: Technical Tip: Dynamic capability flag on managed FortiSwitch.

To resolve the HA synchronization issue due to a dynamic-capability parameter mismatch, follow these steps:

1. Run the command get system status on both FortiGates to verify the system status.
2. Check the FortiSwitch configuration and ensure that the dynamic-capability parameters match both FortiGates. In this case, the Dynamic capability parameters are mismatched between the two firewalls.
3. Recalculate the checksum.
4. If the parameters do not match even after recalculating, try rebooting the secondary FortiGate or switching over to the secondary FortiGate as the primary to synchronize the HA cluster.
5. Monitor the HA cluster for stability after making the changes. Additionally, try running the 'diagnose debug report' command on both switches to gather more information about the issue.

In this example, the checksum does not match:

Use this command to get the differences in checksum from both the primary and secondary devices:

diagnose system ha checksum show root switch-controller.managed-switch

Dynamic-capability value mismatch: