Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jjdope
Staff
Staff

Created on ‎02-12-2025 05:51 AM

Article Id 376159

Troubleshooting Tip: HA Synchronization failure due to priority value in 'modem' interface

Description This article describes how to diagnose and work around the HA out-of-sync problem caused by the priority value in the 'modem' interface.
Scope FortiGate.
Solution

The HA is out of sync due to configuration differences on the system.interface of the modem. Below is an example output from both the primary and secondary FortiGates.

 

The current primary is JJ-01 and the secondary is JJ-02

 

JJ-01 (global) # diagnose sys ha checksum show global system.interface modem
[name]='modem': 11325d912af10e25f6bcb92630b3f9ad
[vdom]='root': af813d778dc917407271953725916b8d
[mode]='pppoe': 632411fff2fc45f885c30ff48328f46d
[distance]='1': 2776ea2c12bd88353378e4f38ad7dbda
[priority]='0': 422564ccdae72258a309ba4b9381abaf
[status]='down': 05dacc64cf3afdf7b1749ebc31aa9d82
[type]='physical': 39d37257932bbbeb5593b348f9a9ce57
[snmp-index]='11': 5f3edb8c0ea96286b8b35c11770c8fd9

 

JJ-02 (global) # diagnose sys ha checksum show global system.interface modem
[name]='modem': 11325d912af10e25f6bcb92630b3f9ad
[vdom]='root': af813d778dc917407271953725916b8d
[mode]='pppoe': 632411fff2fc45f885c30ff48328f46d
[distance]='1': 2776ea2c12bd88353378e4f38ad7dbda
[status]='down': 05dacc64cf3afdf7b1749ebc31aa9d82
[type]='physical': 39d37257932bbbeb5593b348f9a9ce57
[snmp-index]='11': 5f3edb8c0ea96286b8b35c11770c8fd9

 

The difference is that in JJ-FW-01, the priority value is set to 0.

The configuration is as given below:

 

JJ-01 (global) # show system interface modem
config system interface
    edit "modem"
        set vdom "root"
        set mode pppoe
        set distance 1
        set priority 0
        set status down
        set type physical
        set snmp-index 11
    next
end

 

JJ-02 (global) # show system interface modem
config system interface
    edit "modem"
        set vdom "root"
        set mode pppoe
        set distance 1
        set status down
        set type physical
        set snmp-index 11
    next
end

 

The integer value range for the priority value is 1 to 64435.

 

JJ-01 (modem) # set priority
priority Enter an integer value from <1> to <65535> (default = <1>).

 

This configuration is a read-only setting, which means that even an admin with super_admin privileges is not allowed to configure this value. The following message will be displayed when the configuration to change the priority value is attempted.

 

JJ-01 (modem) # set priority 1
cannot change read-only setting.

 

Workaround:

Perform a failover to make JJ-02 the primary. Reboot JJ-01 which was previously the primary, and allow it to reconnect to HA. This will restore the priority settings on the system interface modem to the default value of 1. The HA will remain in sync if JJ-01 is set to be the primary again.
191
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.