Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dbhavsar
Staff
Staff

Created on ‎12-19-2023 08:27 PM

Article Id 290081

Troubleshooting Tip: HA out-of-sync fix firmware mismatch issue without breaking cluster

Description This article describes how to fix the HA sync issues without breaking the cluster when both units are on different firmware.
Scope FortiGate
Solution
  1. The primary device must be the one with a higher firmware version.
  2. Once it is possible to access Primary FortiGate, login to the CLI of the secondary unit using the below commands:
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Managing-individual-cluster-units-with-the...
  3. Configure the  TFTP server and load the image file in the directory (the image with the .out version should be the same as the primary) by using the below command to restore the image file:


execute restore image tftp <file_name.out> <tftp server ip-address> <username> <password>

 

Related document:

execute restore

  1. Once uploaded, wait for a while, HA will be in-sync or run the below commands on both units:


diagnose sys ha checksum recalculate

Related article:

Technical Tip: Procedure for HA manual synchronization
1593
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.