jclar
Staff
Article Id 254713
Description

This article describes how to troubleshoot HA synchronization when the central management configuration differs between the primary and the secondary device.

Scope

FortiGate.
Solution

This article describes a scenario where the client’s HA environment is out-of-sync due to 'system central-management'.

 

  1. This happens when the FortiManager's IP address is not present in the central-management configuration on the primary firewall but is present on the secondary firewall.

 

  2. When trying to unset the type under the central-management configuration, the following error occurs:

 

Please unregister-device from FortiManager first. object set operator error, -582 discard the setting Command fail. Return code -582.

 


Error:

 

fortimanager gui error.PNG

 

In FortiOS 6.4, check under Security Fabric -> Fabric Connectors -> FortiManager.

 

Solution:

 

  1. To resolve this issue, execute the command below to unregister the FortiManager device from the primary FortiGate.

 

execute central-mgmt unregister-device <FortiManager-Serial-Number>

 


 

Once this has been set, the type is automatically changed to 'none'.

 


 

Note: In older versions, it is necessary to manually set the type to none.

 

  2. Add the central management configuration to the primary device so that the central-management configuration is re-synchronized between the devices and HA is back in synchronization.
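
As an added example (not part of the original article and not Fortinet code), the following Python script compares the `show system central-management` output captured from each HA member and lists the settings that differ, which is the mismatch described at the start of this article; it can be run again after the fix to confirm that both units match. The two sample outputs and the address 192.0.2.10 are constructed for illustration.

```python
import shlex

# Constructed sample output of "show system central-management" from each
# HA member (not taken from the article); 192.0.2.10 is a documentation IP.
PRIMARY = '''
config system central-management
    set type fortimanager
end
'''
SECONDARY = '''
config system central-management
    set type fortimanager
    set fmg "192.0.2.10"
end
'''


def parse_block(text):
    """Flatten FortiOS 'config ... end' output into {setting path: value}."""
    settings, path = {}, []
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # handles quoted values
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb in ("config", "edit"):     # entering a table or an entry
            path.append(" ".join(args))
        elif verb in ("end", "next"):      # leaving a table or an entry
            if path:
                path.pop()
        elif verb == "set" and args:
            settings[" / ".join(path + [args[0]])] = " ".join(args[1:])
    return settings


def ha_diff(primary, secondary):
    """Return {setting: (primary value, secondary value)} for every mismatch."""
    p, s = parse_block(primary), parse_block(secondary)
    return {k: (p.get(k), s.get(k))
            for k in sorted(p.keys() | s.keys()) if p.get(k) != s.get(k)}


if __name__ == "__main__":
    for key, (pv, sv) in ha_diff(PRIMARY, SECONDARY).items():
        print(f"{key}: primary={pv!r} secondary={sv!r}")
```

A value of `None` on one side means the setting is absent from that unit's output.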