Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Fortigate HA out of sync after upgrading to versio...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate HA out of sync after upgrading to version 7.4.9
Hi!
I recently updated the firmware of a FortiGate 200F from version 7.2.11 to 7.4.9 and the HA did not finish synchronizing.
There are 2 tables out of sync:
- system.central-management
- firewall.internet-service-name
Any ideas to solve it?
Labels:
- Labels:
-
FortiGate
-
High Availability
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
run below command on both firewalls
#diag sys ha checksum recalculate
If still showing not synced , get below output and attach to here on both firewall
get sys status
show sys central-management
show firewall internet-service-name
Follow this KB how to access the secondary from primary to run the commands
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Additionally to Derek's advice, I usually get it solved quickly just by rebooting the passive node. This usually works.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your responses.
I ran the command:
#diag sys ha checksum recalculate
And the secondary firewall was also restarted, but it still won't sync with HA.
I'm sharing the output from the commands provided.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Kyra_98 Can you login to secondary device and try to added the below part manually first
config sys central-management
set vdom 'vsys_hamgmt'
end
set vdom 'vsys_hamgmt' --this is the command that is missing from the secondary for the central management part
This is bit strange as vsys_hamgmt will be the hidden vdom system created for your device automaticlly once you have a dedicated management interface enabled for OOB
Let's see whether above will fix the first table, we come back to your ISDB name mismatch will be require bit troubleshooting
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I try to run the indicated command but I get the message "entry not found in datasource"
FG_SECONDARY (central-management) # set vdom vsys_hamgmt
entry not found in datasource
value parse error before 'vsys_hamgmt'
Command fail. Return code -3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ended up setting "set vdom root" to fix that table and so far it's fine.
But the problem with ISDB remains.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Kyra_98 Nice to hear that fixed the table of central management
For your ISDB one, I think we might need to give a kick for pulling FortiGuard update from secondary device
Check whether you have proper connection from secondary for FortiGuard
Login secondary devie ( I believe you should have GUI access)
Open CLI and execute below
exe enter vsys_hamgmt ( not support tab key, type manually)
get router info routing-table all ( you should only see 1 single route here)
exe ping update.fortiguard.net
exe ping service.fortiguard.net
After you made sure you getting proper ping reply from above
Type
exit ( to exit the hiddent vdom)
Run below command
exe update-now
Wait for 1-2 minutes and do the HA recalculate on your primary and secondary see whether that will fix
Labels
-
FortiGate
10,784 -
FortiClient
2,204 -
FortiManager
902 -
FortiAnalyzer
689 -
5.2
687 -
5.4
638 -
FortiSwitch
595 -
FortiClient EMS
579 -
FortiAP
568 -
IPsec
443 -
6.0
416 -
SSL-VPN
391 -
FortiMail
380 -
5.6
362 -
FortiNAC
297 -
Fortiweb
257 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
205 -
FortiAuthenticator
185 -
FortiGuard
161 -
5.0
152 -
Firewall policy
148 -
FortiGate-VM
141 -
6.4
128 -
FortiCloud Products
118 -
FortiSIEM
114 -
FortiToken
114 -
FortiGateCloud
112 -
Wireless Controller
96 -
High Availability
93 -
Customer Service
88 -
FortiProxy
79 -
SAML
78 -
ZTNA
77 -
Routing
76 -
Fortivoice
73 -
DNS
73 -
VLAN
73 -
BGP
72 -
FortiEDR
71 -
Authentication
71 -
FortiADC
69 -
Certificate
69 -
RADIUS
63 -
LDAP
63 -
FortiLink
59 -
SSO
57 -
FortiSandbox
55 -
NAT
55 -
FortiExtender
52 -
Interface
50 -
VDOM
50 -
4.0MR3
49 -
Application control
48 -
Virtual IP
44 -
FortiDNS
43 -
Logging
42 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
SSL SSH inspection
38 -
FortiPAM
37 -
Web profile
36 -
FortiConnect
35 -
Automation
35 -
FortiWAN
31 -
FortiConverter
31 -
API
29 -
FortiGate v5.2
28 -
Fortigate Cloud
26 -
Traffic shaping
26 -
Static route
26 -
SNMP
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
System settings
22 -
WAN optimization
22 -
FortiMonitor
20 -
OSPF
20 -
Security profile
19 -
Web application firewall profile
19 -
Web rating
19 -
IP address management - IPAM
19 -
FortiSoar
18 -
FortiDDoS
17 -
FortiAP profile
17 -
FortiGate v5.0
16 -
Explicit proxy
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiManager v4.0
14 -
FortiCASB
14 -
NAC policy
14 -
DNS filter
13 -
Users
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Trunk
10 -
Traffic shaping profile
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Application signature
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiNDR
6 -
DoS policy
6 -
FortiCarrier
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Cloud Management Security
5 -
3.6
4 -
FortiAI
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2691 | |
| 1412 | |
| 810 | |
| 710 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.