Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ted
Staff
Staff

Created on ‎12-30-2025 07:12 AM

Article Id 424628

Troubleshooting Tip: HA Out-of-sync happens on FGSP cluster after a reboot

Description This article describes an issue where a standalone-config-sync member in an FGSP cluster keeps out-of-sync status when the FGSP standalone cluster reboots.
Scope FortiGate
Solution

This issue is a desynchronization (out-of-sync) problem through port_ha interfaces between HA members due to communication failure.

 

+hatalk debug
2025-12-23 17:08:22 <hasync:WARN> conn=0xc9d56d0 connect(169.254.0.2) failed: 113(No route to host)

 

The L2 ethertype on the HA heartbeat link for configuration synchronization should be 0x8893. However, ethertype is changed to 0x0000 and cannot be reset to 0x8893 after rebooting the peer, leading to an out-of-sync issue.

 

out of sync issue.png

 

Workaround:


Reset the HA configuration as a workaround:

  1. Restart the hatalk daemon on both cluster members first.

 

(global) # fnsysctl killall hatalk

 

  1. Disable and enable 'standalone-config-sync' configuration.

 

(global) # config system ha
(ha) # unset standalone-config-sync
(ha) # end
(global) # config system ha
(ha) # set standalone-config-sync enable
(ha) # end

 

The issue, bug ID 1060006, is fixed in FortiOS 7.2.11, 7.4.8, 7.6.1.
136
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.