After upgrading to v7.6.3, FortiGate HA may become out of sync.

This issue is caused by the newly introduced 'zero-day malware stream scanning' feature in the Antivirus profile.

The feature automatically maintains an up-to-date malware hash database by removing outdated entries and optimizing performance, without requiring manual input. 

This problem is linked to a known issue being tracked. Specifically, the 'set malware-stream' command is missing on the secondary device antivirus profile configuration, which results in the HA pair going out of sync.

As a workaround, either disable this feature or upgrade to v7.6.4, where the issue has been resolved. Please refer Release notes of v7.6.4 before planning the upgrade of the device.

Release Notes v7.6.4 

Below is the snapshot of the zero-day malware feature in the Antivirus profile.

If done on CLI, it has to be disabled for each protocol which have been set to be inspected; by default, the action would be set to block. 

config antivirus profile
    edit 1                          --------------------> Replace with the profile name.
        config http                --------------------> Protocol to be inspected.
            set malware-stream disable
        end
    next
end