Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jo_rang
Staff
Staff

Created on ‎10-28-2024 11:56 AM

Article Id 352056

Troubleshooting Tip: HA out of sync due to IPS sensor configuration mismatch

Description

This article includes a troubleshooting tip to fix issues when HA is out of sync due to ips.sensor checksums mismatch
Scope Fortigate
Solution

From System -> HA, hover the mouse over the Secondary Firewall that is displaying the 'Not Synchronized' error.

The tooltip shows that the 'ips.sensor' table is the cause for the HA not being in sync.

 

IPS Sensor.png

 

To fix this, make a small change to one of the Intrusion Prevention Security Profiles. This small change will trigger the configuration synchronization from the Primary FortiGate to the Secondary FortiGate, and this can fix the HA out-of-sync error.

 

Below is an example of a small change that can be applied to the default Intrusion Prevention Profile to detect EICAR files (files that can be used to test Antivirus).


Go to Security Profiles -> Intrusion Prevention and edit the default profile.

 

Edit Profile.png

 

Add a signature to detect (for example: the EICAR File).

 

Create new.png

 

Add Eicar.png

 

Select OK and save the profile. After a few minutes, the HA error should clear.
68
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.