Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MichaelHinz
New Contributor II

Created on ‎11-15-2024 07:57 AM

Fortigate Rugged 60F unable to HA sync after FortiOS upgrade to 7.2.x

Hello Community,

 

We recently upgraded an existing Fortigate Rugged 60-F (FGR-60F) cluster from 7.0.x to 7.2.x.  The cluster was in sync and operating fine in 7.0.x but failed to establish the HA cluster after the FortiOS upgrade.  After troubleshooting this with Fortinet we learned that even though there is only one SKU for order placement (FGR-60F), Fortinet itself has various generations of this hardware platform (currently 5).  The first 2 generations came with only one power supply and since the 3rd generation a 2nd power supply was added to the platform.  

 

FGR60F_generations.png

The problem now is that FortiOS 7.2.x added new command statements (config system vin-alarm) that only work on gen 3-5 which results in a configuration difference between gen 1-2 and 3-5 that prevents clusters from being able to get in sync.

 

How can you tell what generation of hardware you have?  Two ways:

  • Run the CLI command "get system status" and look for the "System-Part-Number".  The first digit of the last 2 digits tells the generation (i.e. P25210-21 is a Gen2, P25210-50 is a Gen5)
  • Physically look at the back of the device - if it has 2 power supplies it is a Gen 3-5, if it has only 1 then it is a Gen 1-2

I am expecting that multiple customers might run into issues that are not directly obvious since with no other Fortigate model series did we ever have to pay attention to Generations of hardware.  The rule of thumb was always that if the models are the same then you can cluster. 

 

I don't know why Fortinet would not offer a software fix for this (to enable/disable this feature) so that different generations of hardware can sync, but with this current situation you can only ask Fortinet for an RMA and you have to make sure that they send you a matching generation back to avoid this conflict. 

 

I can see this to become a major issue once more customers change FortiOS versions or have to deal with RMA's not letting them sync their clusters due to the received RMA not being of the right generation....

 

FortiGate #fortios #rugged #fgr-60f #highavailability

Labels:
297
0 Kudos
1 REPLY 1
dbhavsar
Staff
Staff

Created on ‎11-28-2024 01:18 PM

Hello @MichaelHinz ,

 

Can you run command "get sys status", there you will be able to see the part number of the device being used.

DNB
53
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.