FortiOS 7.2.9 for 120G series seems to break HA

Secucard · ‎08-21-2024

Hi,

updating an active-passive setup for a 120G, from 7.0.15, to 7.2.9 seems to break HA totally.

It looks like the internal network can not be found anymore.

I raised a ticket on that. Downgrade is possible, but takes time and nervs.

Take care,

Ronny

2024-08-21 13:15:18 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:18 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:21 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:21 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:23 <hatalk> vcluster_1: ha_prio=0(primary), state/chg_time/now=2(work)/1724238681/1724238923
2024-08-21 13:15:24 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:24 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:24 <hasync:WARN> conn=0x4760c3d0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:24 <hasync:WARN> conn=0x4760c3d0 abort: rt=-1, dst=169.254.0.1, sync_type=27(capwap)
2024-08-21 13:15:27 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:27 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:27 <hasync:WARN> conn=0x4760c3d0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:27 <hasync:WARN> conn=0x4760c3d0 abort: rt=-1, dst=169.254.0.1, sync_type=5(conf)
2024-08-21 13:15:30 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:30 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:33 <hatalk> vcluster_1: ha_prio=0(primary), state/chg_time/now=2(work)/1724238681/1724238933
2024-08-21 13:15:33 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:33 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:36 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:36 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:36 <hasync:WARN> conn=0x4760c3d0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:36 <hasync:WARN> conn=0x4760c3d0 abort: rt=-1, dst=169.254.0.1, sync_type=18(byod)
2024-08-21 13:15:40 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:40 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:43 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:43 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:43 <hatalk> vcluster_1: ha_prio=0(primary), state/chg_time/now=2(work)/1724238681/1724238943
2024-08-21 13:15:46 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:46 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)
2024-08-21 13:15:49 <hasync:WARN> conn=0x476086a0 connect(169.254.0.1) failed: 113(No route to host)
2024-08-21 13:15:49 <hasync:WARN> conn=0x476086a0 abort: rt=-1, dst=169.254.0.1, sync_type=3(fib)

FlavioB1 · ‎09-09-2024

I'm going with 7.2.9 on two 120G clusters. I can't use 7.0 because I'm managing those firewalls from a 7.2 ADOM on FMG.

shpforti · ‎09-10-2024

We have a cluster of 120Gs with 7.2.9 (with HA port on port13), also a 100F and a 70F on our other offices also running 7.2.9 connected with IPsec since 8/25, they have been working fine so far.

cjackson_ncl · ‎10-09-2024

FortiOS 7.2.10 has fixed this issue for us across multiple FortiGate models, including the 120G.

NSE4

cjackson_ncl · ‎09-09-2024

Just so you know, we are seeing this issue across multiple FortiGate models and different FortiOS versions, as are other members of the Fortinet community

NSE4

FortiOS 7.2.9 for 120G series seems to break HA

Nominate a Forum Post for Knowledge Article Creation