AndrewX
Staff
Article Id 354731
Description

This article describes how to regain access to the MGMT interface of the secondary firewall in an HA cluster.

Scope

FortiGate.
Solution

Background:

  • Two FortiGate firewalls are configured in HA (A-P), hosted in Azure and running in load balancer mode.
  • An upgrade is performed via FortiGate itself from v7.4.3 to v7.4.4, and HA is working properly.
  • MGMT (HTTPS) access is lost on the secondary firewall, whereas SSH and ping access are fine.

  1. Try to restart the HTTPS daemon on the secondary FortiGate firewall.

[Screenshot: restarting the HTTPS daemon]

  2. Run the packet sniffer. The captured packets show the TCP three-way handshake completing properly.

[Screenshots: sniffer commands and captured packets]

  3. Run the HTTP debug. However, some useful information cannot be captured.

[Screenshots: debug command and debug log]

  4. Restart the secondary FortiGate firewall. The issue remains.

  5. Disable HTTPS access on the MGMT interface and then re-enable it. This fixes HTTPS access to the secondary firewall.
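
A post-upgrade check for the symptom described above, added here as an example that is not part of the original article or any Fortinet tooling: it probes the secondary's management IP layer by layer (SSH TCP, HTTPS TCP, TLS, HTTP), so a unit that completes the TCP handshake but never serves the GUI is flagged. The function names and verdict labels are assumptions of this example; pass the management IP as the first argument.

```python
import socket
import ssl
import sys

def probe_mgmt(host, https_port=443, ssh_port=22, timeout=3.0):
    """Probe a management IP layer by layer: SSH TCP, HTTPS TCP, TLS, HTTP."""
    r = {"ssh_tcp": False, "https_tcp": False, "tls": False, "http": False}
    try:
        with socket.create_connection((host, ssh_port), timeout=timeout):
            r["ssh_tcp"] = True
    except OSError:
        pass
    try:
        raw = socket.create_connection((host, https_port), timeout=timeout)
    except OSError:
        return r
    r["https_tcp"] = True  # three-way handshake completed
    # Liveness probe only: management GUIs often use self-signed certificates,
    # so verification is off here. No credentials are ever sent.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw) as tls:
            r["tls"] = True
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")
            r["http"] = tls.recv(16).startswith(b"HTTP/")
    except OSError:  # includes ssl.SSLError and timeouts
        pass
    finally:
        raw.close()
    return r

def diagnose(r):
    """Map probe results to a verdict (labels are this example's own)."""
    if r["http"]:
        return "https-ok"
    if r["https_tcp"]:
        # The symptom in the article: TCP handshake fine, GUI does not answer.
        return "https-daemon-not-answering"
    if r["ssh_tcp"]:
        return "https-port-closed"
    return "host-unreachable"

if __name__ == "__main__":
    # Constructed result mirroring the article, used when no host is given.
    sample = {"ssh_tcp": True, "https_tcp": True, "tls": False, "http": False}
    r = probe_mgmt(sys.argv[1]) if len(sys.argv) > 1 else sample
    print(r, "->", diagnose(r))
```

Running it against both cluster members after an upgrade shows whether the secondary's GUI answers before anyone needs it during a failover.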