FortiGate
Wallerson
Staff
Article Id 421223
Description

This article describes the steps to resolve the FortiGate Rugged 60F HA out-of-sync issue caused by 'vin-alarm'. The FortiGate Rugged 60F model has different hardware revisions:

  • Gen2 = Gen1 + TPM.
  • Gen3 = Gen2 (Gen1 + TPM) + Dual DC-input.
  • Gen4 = Gen3 + GPS antenna.
  • Gen5 = Gen4 + Memory.

 

Gen3 and later revisions have dual DC input, so 'vin-alarm' is available in their configuration.

Scope

FortiGate.
Solution

The following settings are available on a FortiGate with hardware revision 4:

 

FGT-Rev4 # get hardware status
Model name: FortiGateRugged-60F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 4
RAM: 1936 MB
EMMC: 3742 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
Hardware Board ID: 100
Hardware Revision: Rev4

 

FGT-Rev4 # show system vin-alarm
config system vin-alarm
end

 

FGT-Rev4 # show full-configuration system vin-alarm
config system vin-alarm
    set status disable
    set psu-1-threshold-low-percent 80
    set psu-2-threshold-low-percent 80
    set psu-1-initial-voltage 0
    set psu-2-initial-voltage 0
end

 

These settings do not exist on a FortiGate with a lower revision:

 

FGT-Rev1 # get hardware status
Model name: FortiGateRugged-60F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 4
RAM: 1936 MB
EMMC: 3742 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
Hardware Board ID: 000
Hardware Revision: Rev1

 

FGT-Rev1 # show system vin-alarm

command parse error before 'vin-alarm'
Command fail. Return code -61

FGT-Rev1 #

 

FortiGate Rugged 60F units with different hardware revisions can form an HA cluster; however, their status will always be out-of-sync:

 

FGT-Rev1-MASTER # get system ha status
HA Health Status:
Model: FortiGateRugged-60F
Mode: HA A-P
Group Name: CCU
Group ID: 0
Debug: 0
Cluster Uptime: 721 days 4h:28m:21s
Cluster state change time: 2025-10-29 16:23:12
...
ses_pickup: disable
override: enable
Configuration Status:
FGR60FTK2000XXXX(updated 3 seconds ago): in-sync
FGR60FTK2000XXXX chksum dump: 6a 4a a3 d3 b8 5d ab 71 4e 27 f7 7a 6b 1a 82 16
FGR60FTK2200YYYY(updated 1 seconds ago): out-of-sync --> FGT-Rev4
FGR60FTK2200YYYY chksum dump: be b7 38 9a 78 03 ae 32 fd 4c 94 bd 21 ef 28 19
System Usage stats:
FGR60FTK2000XXXX(updated 3 seconds ago):
sessions=27, average-cpu-user/nice/system/idle=0%/0%/0%/99%, memory=45%
FGR60FTK2200YYYY(updated 1 seconds ago):
sessions=0, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=41%
HBDEV stats:
FGR60FTK2000XXXX(updated 3 seconds ago):
wan2: physical/1000auto, up, rx-bytes/packets/dropped/errors=178130707/549800/0/0, tx=239580270/596122/0/0
FGR60FTK2200YYYY(updated 1 seconds ago):
wan2: physical/1000auto, up, rx-bytes/packets/dropped/errors=238008447/591498/0/0, tx=176614968/545583/0/0
MONDEV stats:
FGR60FTK2000XXXX(updated 3 seconds ago):
internal1: physical/100auto, up, rx-bytes/packets/dropped/errors=3406860/46421/0/0, tx=2816/44/0/0
wan1: physical/100auto, up, rx-bytes/packets/dropped/errors=69762544/127667/0/0, tx=22017628/78527/0/0
FGR60FTK2200YYYY(updated 1 seconds ago):
internal1: physical/100auto, up, rx-bytes/packets/dropped/errors=4237889/48459/0/0, tx=0/0/0/0
wan1: physical/00, down, rx-bytes/packets/dropped/errors=0/0/0/0, tx=0/0/0/0
number of member: 2
FGT-Rev1-MASTER, FGR60FTK2000XXXX, HA cluster index = 1
FGT-Rev4-SECONDARY, FGR60FTK2200YYYY, HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Primary: FGR60FTK2000XXXX, HA operating index = 0
Secondary: FGR60FTK2200YYYY, HA operating index = 1

 

Version 7.6.3 GA introduced the 'system.vin-alarm' entry in the 'vdom-exception' table. To resolve this issue, an upgrade to 7.6.3 or later is required.

 

After the upgrade, add 'system.vin-alarm' to 'vdom-exception' on the FortiGate that has revision 4, regardless of its HA role. In the following example, FGT-Rev4 is the secondary unit:

 

FGT-Rev1-MASTER # execute ha manage 0 admin
admin@169.254.0.1's password:
FGT-Rev4-SLAVE #

FGT-Rev4-SLAVE # config system vdom-exception

FGT-Rev4-SLAVE (vdom-exception) # edit 1
new entry '1' added

FGT-Rev4-SLAVE (1) # set object system.vin-alarm

FGT-Rev4-SLAVE (1) # next

FGT-Rev4-SLAVE (vdom-exception) # end

FGT-Rev4-SLAVE #
FGT-Rev4-SLAVE # show system vdom-exception
config system vdom-exception
    edit 1
        set object system.vin-alarm
    next
end

 

The cluster will become synced:

 

FGT-Rev4-SLAVE # get system ha status
...

...
Configuration Status:
FGR60FTK2200YYYY(updated 2 seconds ago): in-sync
FGR60FTK2200YYYY chksum dump: 6a 4a a3 d3 b8 5d ab 71 4e 27 f7 7a 6b 1a 82 16
FGR60FTK2000XXXX(updated 1 seconds ago): in-sync
FGR60FTK2000XXXX chksum dump: 6a 4a a3 d3 b8 5d ab 71 4e 27 f7 7a 6b 1a 82 16
System Usage stats:
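
To watch for this condition, the 'Configuration Status' section of 'get system ha status' can be parsed and any member that is out-of-sync or whose checksum differs can be reported. The following is an added example, not Fortinet code: the function names are hypothetical, the sample is constructed from the output shown in this article, and the parser assumes that output format.

```python
import re

# Constructed sample: the "Configuration Status" lines from the out-of-sync
# output shown earlier in this article (serial numbers are the page's placeholders).
SAMPLE = """\
Configuration Status:
FGR60FTK2000XXXX(updated 3 seconds ago): in-sync
FGR60FTK2000XXXX chksum dump: 6a 4a a3 d3 b8 5d ab 71 4e 27 f7 7a 6b 1a 82 16
FGR60FTK2200YYYY(updated 1 seconds ago): out-of-sync --> FGT-Rev4
FGR60FTK2200YYYY chksum dump: be b7 38 9a 78 03 ae 32 fd 4c 94 bd 21 ef 28 19
System Usage stats:
"""

STATE_RE = re.compile(r"^(\S+?)\(updated \d+ seconds? ago\):\s*(in-sync|out-of-sync)\b")
CHKSUM_RE = re.compile(r"^(\S+) chksum dump:\s*((?:[0-9a-f]{2}\s*)+)$")

def parse_config_status(text):
    """Return {serial: {"state": ..., "chksum": ...}} from the Configuration Status section."""
    members, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Configuration Status:":
            in_section = True
            continue
        if not in_section:
            continue
        m = STATE_RE.match(line)
        if m:
            members.setdefault(m.group(1), {})["state"] = m.group(2)
            continue
        m = CHKSUM_RE.match(line)
        if m:
            members.setdefault(m.group(1), {})["chksum"] = "".join(m.group(2).split())
            continue
        break  # first line that is neither form ends the section
    return members

def sync_findings(members):
    """List serials reported out-of-sync or whose checksum differs from the first member's."""
    if not members:
        return ["no Configuration Status section found"]
    ref = next(iter(members.values())).get("chksum")
    return [f"{sn}: {m.get('state')} chksum={m.get('chksum')}"
            for sn, m in members.items()
            if m.get("state") != "in-sync" or m.get("chksum") != ref]

if __name__ == "__main__":
    print("\n".join(sync_findings(parse_config_status(SAMPLE))))
```

An empty result means every member reports in-sync with an identical checksum, as in the post-fix output above.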

 

For more information, refer to 'config system vin-alarm' in the FortiOS CLI reference.
