Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jomof
Contributor

Created on ‎05-19-2024 11:54 AM

Examination of HA log reveal a critical error

Hello Expert,

 

I have a 2 400E box that are configured as an active/passive cluster.

Recently we are seeing in the HA log a lot of lost heartbeat errors.

 

As per redundancy  we quick at another heartbeat interface to the Ha configuration

We are still receiving error message. (see screen shots .

Screenshot 2024-05-19 144817.pngScreenshot 2024-05-19 144625.png

 

i humbly request some urgent feedback on the way forward,

 

Thank you.

Labels:
1511
0 Kudos
1 Solution
fricci_FTNT
Staff
Staff

Created on ‎05-20-2024 07:09 AM

Hi @jomof ,

 

My understanding is that you are experiencing those missing heartbeat message randomly and the 2 units are directly connected by a cable. You have already attempted the below steps:

- replace the HA cable with a brand new one and issue is still there

- add a second port to the HA config setting and the messages are still there.

 

I can see that the error is not very frequent, usually when there is a hardware fault those messages are more frequent based on my experience. Did you notice if the message is seen when there is a particular peak in traffic?
Has the traffic increased in the past weeks?
In addition to what my colleague Suraj suggested, please check/monitor the number of sessions especially while the packet lost message is seen.

get sys performance status
get sys performance firewall statistics
diag sys session stat


If you should notice a too high amount of session when the messages are seen, you may try to implement a delay in session synchronization:

config system ha
 set session-pickup-delay enable
end

or dedicate a second port just to the session sync ("set session-sync-dev portX").

The article below might help:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/495912/improving-session-sync-performanc...

Best regards,

 

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.

View solution in original post

1320
0 Kudos
11 REPLIES 11
jomof
Contributor
In response to fricci_FTNT

Created on ‎05-20-2024 09:47 AM Edited on ‎05-20-2024 09:54 AM

hello @fricci_FTNT 

 

We  found a high session usage but we will continue to monitor so we can develop a pattern.

Screenshot 2024-05-20 125359.png

 

 

Thanks for this invaluable advice will revert later with an update. 

 

 

 

303
fricci_FTNT
Staff
Staff
In response to jomof

Created on ‎05-21-2024 12:44 AM

Hello @jomof ,

 

You are more than welcome.
Please monitor and let us know, just bear in mind that the peak of sessions in the picture might be expected when people connect all together in the morning when their day starts.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
257
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.