FortiGate
mimran
Staff
Article Id 417972

 

Description This article describes how to resolve an HA synchronization issue after upgrading to FortiOS 7.4.8 that is caused by a mismatch in the system.central-management table.
Scope FortiGate.
Solution

When upgrading a FortiGate HA cluster to version 7.4.8 or later, HA synchronization may fail to complete during the upgrade. If the system reports that the system.central-management table is out of sync, run the following commands on both nodes using the FortiGate CLI:

 

FGT-Primary # config system central-management 
FGT-Primary (central-management) # show
config system central-management
    set type fortimanager
    set serial-number "FMG-VMTMXXXXXXXX"
    set fmg "10.10.10.10"
    set vdom "vsys_hamgmt"
end

 

FGT-Secondary # config system central-management 
FGT-Secondary (central-management) # show
config system central-management
    set type fortimanager
    set serial-number "FMG-VMTMXXXXXXXX"
    set fmg "10.10.10.10"
end

 

The output of the primary FortiGate now shows the hidden VDOM vsys_hamgmt, while the secondary node does not show it because the default VDOM is root.

 

To fix this issue, set the VDOM back from vsys_hamgmt to root by running the following commands in the CLI:

 

FGT-Primary # config system central-management
FGT-Primary (central-management) # set vdom "root"
FGT-Primary (central-management) # end
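
To compare the two show outputs without reading them by eye, the following Python script parses each block and lists the settings that differ. It is an added example, not Fortinet code; the names parse_settings and diff_nodes are hypothetical, and treating a missing vdom line as root follows the article's statement that the default VDOM is root.

```python
import shlex

# Constructed sample input: the two `show` outputs from this article.
PRIMARY = '''config system central-management
    set type fortimanager
    set serial-number "FMG-VMTMXXXXXXXX"
    set fmg "10.10.10.10"
    set vdom "vsys_hamgmt"
end'''

SECONDARY = '''config system central-management
    set type fortimanager
    set serial-number "FMG-VMTMXXXXXXXX"
    set fmg "10.10.10.10"
end'''

# Assumption taken from the article: an unlisted vdom means the default, root.
DEFAULTS = {"vdom": "root"}


def parse_settings(show_output):
    """Return {key: value} for every `set` line in a single config block."""
    settings = {}
    for line in show_output.splitlines():
        tokens = shlex.split(line)  # strips the quotes around values
        if len(tokens) >= 3 and tokens[0] == "set":
            settings[tokens[1]] = " ".join(tokens[2:])
    return settings


def diff_nodes(primary_out, secondary_out, defaults=DEFAULTS):
    """Return {key: (primary_value, secondary_value)} for settings that differ."""
    pri = {**defaults, **parse_settings(primary_out)}
    sec = {**defaults, **parse_settings(secondary_out)}
    return {k: (pri.get(k), sec.get(k))
            for k in sorted(set(pri) | set(sec)) if pri.get(k) != sec.get(k)}


if __name__ == "__main__":
    for key, (p, s) in diff_nodes(PRIMARY, SECONDARY).items():
        print(f"MISMATCH {key}: primary={p!r} secondary={s!r}")
```

Running the same comparison again after the fix should produce no output, which confirms that both nodes hold the same central-management settings.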

 

Related article:

Technical Tip: HA Reserved Management Interface's hidden VDOM (vsys_hamgmt VDOM)
