Fortigate upgrade with HA unsynchronized
I have two unsynchronized FortiGate 200F devices (v7.2.5) hooked up to HA.
After the last update the checksums got so bad that the only path recommended by support was to configure the slave device from scratch. Recalculating the checksums manually didn't do anything.
I concluded that I would hold off until the new firmware was released, hoping that after uploading v7.2.6 the devices would sync up again.
Has anyone used this solution successfully? Should I now start the upgrade with the master or slave?
@achin
If you try to upgrade while the FortiGates are not in sync, your upgrade will most probably get stuck and not go forward.
So the best case is to disconnect the secondary unit, upgrade both members separately, factory reset the secondary device, and configure the cluster settings, then connect the HA port cables, wait for it to sync, and then connect the traffic-carrying ports.
Hi,
For rebuilding the HA cluster please follow the KBs - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Rebuilding-an-HA-cluster/ta-p/195429
Best regards,
Erlin
7.2.6 has been out for two weeks. But if too many parts of the configuration are unsyncable due to conflicts, upgrading both units most likely wouldn't help much. I would just isolate the secondary, factory reset it, configure HA, then reconnect the heartbeat connection to the primary to let it sync, while watching the progress of syncing on both the primary and secondary console ports.
Toshi
