FortiGate
dbhavsar
Staff
Article Id 290081
Description This article describes how to fix HA sync issues without breaking the cluster when the two units are running different firmware versions.
Scope FortiGate
Solution
  1. The primary device must be the one with a higher firmware version.
  2. Once the primary FortiGate is accessible, log in to the CLI of the secondary unit using the commands outlined in Technical Tip: Managing individual cluster units with the CLI command 'execute ha manage'.
  3. View the current version of the secondary FortiGate with the following command:

 

get system status

Version: FortiGate-40F v7.4.8,build2795,250523 (GA.M)

...

 

  4. Configure the TFTP server and place the image file in its directory (the .out image must be the same version as the primary), then restore the image file with the command below:


execute restore image tftp <file_name.out> <tftp server ip-address>

 

Related document:

execute restore - FortiADC CLI reference

  5. Once the image is uploaded, wait a while for HA to come in sync, or run the command below on both units:


diagnose sys ha checksum recalculate

Related article:

Technical Tip: Procedure for HA manual synchronization
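
The version check behind this procedure can be scripted once the 'get system status' output of both units has been captured. The following is an added example, not part of the original article or Fortinet tooling: the function names are hypothetical, the secondary's output is the line shown above, and the primary's output (version and build number) is constructed for illustration.

```python
import re

# Matches the "Version:" line of 'get system status', e.g.
# "Version: FortiGate-40F v7.4.8,build2795,250523 (GA.M)"
VERSION_RE = re.compile(
    r"^\s*Version:\s*(?P<model>\S+)\s+v(?P<rel>\d+\.\d+\.\d+),build(?P<build>\d+)",
    re.MULTILINE,
)

# Secondary output as shown in the article; the primary output is constructed
# for this example (its version and build number are made up).
SECONDARY_STATUS = "Version: FortiGate-40F v7.4.8,build2795,250523 (GA.M)\n..."
PRIMARY_STATUS = "Version: FortiGate-40F v7.4.9,build9999,000000 (GA.M)\n..."


def parse_version(status_output):
    """Return (model, (major, minor, patch), build) from 'get system status' text."""
    m = VERSION_RE.search(status_output)
    if m is None:
        raise ValueError("no 'Version:' line in output")
    release = tuple(int(part) for part in m["rel"].split("."))
    return m["model"], release, int(m["build"])


def firmware_action(primary_output, secondary_output):
    """Decide what the procedure calls for, given both units' status output."""
    _, p_rel, p_build = parse_version(primary_output)
    _, s_rel, s_build = parse_version(secondary_output)
    if (p_rel, p_build) == (s_rel, s_build):
        return "match"              # same image: only the HA checksum sync remains
    if (p_rel, p_build) > (s_rel, s_build):
        return "restore-secondary"  # load the primary's image on the secondary
    return "primary-older"          # step 1's precondition is not met


if __name__ == "__main__":
    print(firmware_action(PRIMARY_STATUS, SECONDARY_STATUS))
```
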