If the HA cluster shows that the secondary unit is out of sync and while checking the checksum after hovering over the 'Not Synchronize' status it shows the object 'web.proxy.global' checksum is not matching like following way, it is suggested always to check the specific part configuration.

From CLI :

Run the command below on both the Cluster unit and compare the checksum value:

diagnose sys ha checksum show root web.proxy.global

If the part configuration does not match, it has to be reconfigured manually to match, and it will synchronize after that. But in case, the configuration can be the same in both units, while the object checksum is still mismatching.

FGT1(primary)# config web-proxy global
    set proxy-fqdn "default.fqdn"
end

FGT2(secondary)# config web-proxy global
    set proxy-fqdn "default.fqdn"
end

In this situation, the workaround is to change the default 'proxy-fqdn' configuration under web-proxy from global.

FGT1(primary)# config web-proxy global
    set proxy-fqdn "no.fqdn"
end

Once it has been changed only in the primary, recalculate the checksum with the 'diagnose sys ha checksum recalculate' CLI command. After the cluster is synced again.

Related articles:

• Troubleshooting Tip: How to troubleshoot HA synchronization issue using GUI and CLI on FortiGate/For...
• Technical Tip: Procedure for HA manual synchronization