FortiGate
kumarh
Staff
Article Id 268781

Description

This article describes a situation where HA is out of sync because of a mismatch on the FortiLink interface. If the allowaccess fabric configuration on the FortiLink interface is changed manually, the following error is presented:

can not change admin-access for FortiLink interface.
object set operator error, -651 discard the setting
Command fail. Return code -651

Scope

FortiGate.

Solution

After comparing the configuration of the FortiLink interface on both units, a mismatch in the allowaccess setting is observed:


FG1# show system interface fortilink
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 169.254.1.1 255.255.255.0
        set allowaccess ping
        set type aggregate
        ...

FG2# show system interface fortilink
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 169.254.1.1 255.255.255.0
        set allowaccess ping fabric
        set type aggregate
        ...
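One way to locate such a mismatch between two HA members programmatically, as an added example that is not part of this article or of Fortinet's tooling: it parses the 'show system interface' output of the kind shown above (reproduced here as constructed sample strings, not captured from a device), diffs the two units setting by setting while treating allowaccess as an unordered flag list, and reports which flags the 'append allowaccess' step has to add.

```python
import re

# Constructed samples modelled on the two 'show system interface fortilink'
# listings above; not captured from a real device.
FG1_SHOW = """config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 169.254.1.1 255.255.255.0
        set allowaccess ping
        set type aggregate
    next
end
"""
FG2_SHOW = FG1_SHOW.replace("set allowaccess ping", "set allowaccess ping fabric")

_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]+?)"?\s*$')
_SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.*\S)\s*$")
# Keys whose values are an unordered flag list: 'ping fabric' == 'fabric ping'.
UNORDERED_KEYS = {"allowaccess"}

def parse_show(text):
    """Parse FortiOS 'show' output into {object: {key: [values]}}. Handles the
    flat edit/set/next layout of 'config system interface'; nested sub-tables are not."""
    objects, current = {}, None
    for line in text.splitlines():
        if m := _EDIT_RE.match(line):
            current = objects.setdefault(m.group(1), {})
        elif line.strip() == "next":
            current = None
        elif current is not None and (m := _SET_RE.match(line)):
            current[m.group(1)] = m.group(2).replace('"', "").split()
    return objects

def diff_configs(a, b):
    """Return (object, key, values_a, values_b) for each setting that differs."""
    diffs = []
    for name in sorted(set(a) | set(b)):
        oa, ob = a.get(name, {}), b.get(name, {})
        for key in sorted(set(oa) | set(ob)):
            va, vb = oa.get(key, []), ob.get(key, [])
            same = set(va) == set(vb) if key in UNORDERED_KEYS else va == vb
            if not same:
                diffs.append((name, key, va, vb))
    return diffs

def flags_to_append(a, b, obj, key="allowaccess"):
    """Flags set on unit b but missing on unit a: what 'append <key> ...' must add."""
    return sorted(set(b.get(obj, {}).get(key, [])) - set(a.get(obj, {}).get(key, [])))
```

Calling diff_configs(parse_show(FG1_SHOW), parse_show(FG2_SHOW)) reports only the allowaccess difference on "fortilink", and flags_to_append returns ["fabric"] for it.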

 

Appending fabric to allowaccess is rejected while FortiLink is enabled on the interface, so first unset FortiLink, then append fabric to allowaccess, and finally re-enable FortiLink:


FG1# config system interface
    edit "fortilink"
        unset fortilink
        append allowaccess fabric
    next
    edit "fortilink"
        set fortilink enable
    end


Note:

In scenarios where 'unset fortilink' is required on the Secondary unit to match the Primary unit's fabric setting and bring HA in sync, the command fails with the error 'currently active managed switches'. This is unexpected behavior that was resolved in v7.4.

See bug ID 870083 in the release notes.


Workaround:

  1. Restore the backup configuration on the Secondary unit.
  2. Remove the problem unit from the HA cluster.
  3. Unset the FortiLink option on the FortiLink interface, then append 'fabric' to 'allowaccess'.
  4. Re-enable FortiLink after the above step.
  5. Restore the problem unit to the HA cluster.


This issue has been permanently fixed in v7.4.0 and above.