- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Fortigate HA in-sync/out-of-sync
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate HA in-sync/out-of-sync
2016-10-04T14:00:20.092804+02:00 date=2016-10-04 time=14: 00:13 devname=FG800C3913801910 devid=FG800C3913801910 logid=0100037903 type=event subtype=system level=information vd="root" msg="The sync status with the master" sync_type=configurations sync_status="in-sync" 2016-10-04T14:00:25.128612+02:00 date=2016-10-04 time=14: 00:19 devname=FG800C3913801910 devid=FG800C3913801910 logid=0100037903 type=event subtype=system level=information vd="root" msg="The sync status with the master" sync_type=configurations sync_status="out-of-sync"
I have a lot of logs like the ones above. In fact it seems that master and slave are not in sync. The synchronization status of the two cluster units :
FG800C3913801256 (global) # di sys ha cluster-csum ================== FG800C3913801256 ================== is_manage_master()=1, is_root_master()=1 debugzone global: 94 ff 8c be 11 c1 c0 57 4d d7 73 dd c0 f0 46 db vdc: 3e 57 22 61 f0 58 af 18 66 9c b1 c9 ae 30 ac 75 root: 74 1b f9 bd 5c 41 a4 64 4f d3 1c b5 5c 5a 2c 84 WiFi: 12 17 17 a0 0c eb 1c 19 a8 4a aa 6d ae 5e b8 54 all: 46 ff b5 f4 54 d7 bf 22 c3 7f 4b 52 fb 03 a3 10 checksum global: 94 ff 8c be 11 c1 c0 57 4d d7 73 dd c0 f0 46 db vdc: 3e 57 22 61 f0 58 af 18 66 9c b1 c9 ae 30 ac 75 root: 74 1b f9 bd 5c 41 a4 64 4f d3 1c b5 5c 5a 2c 84 WiFi: 12 17 17 a0 0c eb 1c 19 a8 4a aa 6d ae 5e b8 54 all: 46 ff b5 f4 54 d7 bf 22 c3 7f 4b 52 fb 03 a3 10 ================== FG800C3913801910 ================== is_manage_master()=0, is_root_master()=0 debugzone global: 94 ff 8c be 11 c1 c0 57 4d d7 73 dd c0 f0 46 db vdc: 3e 57 22 61 f0 58 af 18 66 9c b1 c9 ae 30 ac 75 root: 74 1b f9 bd 5c 41 a4 64 4f d3 1c b5 5c 5a 2c 84 WiFi: 4f 3b c4 89 c9 4d e4 19 c6 24 9d 22 d6 9f 4f 8c all: 1e 56 a9 10 5b 8c c1 6d d6 12 38 fb 4a 3c 93 bc checksum global: 94 ff 8c be 11 c1 c0 57 4d d7 73 dd c0 f0 46 db vdc: 3e 57 22 61 f0 58 af 18 66 9c b1 c9 ae 30 ac 75 root: 74 1b f9 bd 5c 41 a4 64 4f d3 1c b5 5c 5a 2c 84 WiFi: 4f 3b c4 89 c9 4d e4 19 c6 24 9d 22 d6 9f 4f 8c all: 1e 56 a9 10 5b 8c c1 6d d6 12 38 fb 4a 3c 93 bc
However with diagnose sys ha showcsum 01 for each vdom and diagnose sys ha showcsum 1 on both master and slave units I've found there are no differences. So why ??? what shall I check yet ? maybe I should force recalculating checksum on slave or both units with command diag sys ha csum-recalculate ? or just forcing resync on the slave unit with the command exec ha synchronize start ?
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Which firmware do you have ?
I had sometimes this issue with firmware 5.2.3. A diag sys ha csum-recalcutate on both unit will stop these log.
Lucas
- « Previous
-
- 1
- 2
- Next »
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same thing here.
Some time after updating from 6.4.8 to 7.0.6 we see the sync status flapping.
I'm aware of how to find differences in the config which cause an out-of-sync status by checksums. This only possible for me when the status keeps being out-of-sync.
This here is different. The cluster is back in sync after 1,5 to 5 minutes. not much time to debug. Happening around 30 to 40 times a day and causing lots of monitoring and email alerts.
Mostly caused by "external-files" but also sometimes by "configuration" even if there is definitly nobody logged in for changes.
Any help much appreciated.
Thanks Markus
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Markus
The "external-files" reason is covered by the external resources used in the firewall. They are set up to refresh periodically from your configured servers.
For the "configuration" part you need to capture what configuration changes are made at that point. Enable informational logs and check them : which account made config changes, what changes ; verify with other admins.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Alex,
thanks for explaination. I was familiar with that. Nevertheless this was not the issue.
There where definitly no changes by admins. (we are team of 4 and do not work by night)
Reboot of the standby member fixed it immediatelly for me.
Best
Markus
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Fortigate send UDP 8014 packets on... 26 Views
- Buy second hand Fortigate 8xE 70 Views
- L2 vpn over Internet with Fortigate... 75 Views
- FortiNAC not responding to PA connections 159 Views
- WAN DNS 117 Views
Labels
-
FortiGate
6,566 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
566 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
IP address management - IPAM
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Schedule
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Web rating
1 -
FortiManager-VM
1 -
Email filter profile
1 -
Multicast routing
1 -
Internet Service Database
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.