I have two unsynchronized fortigate 200f devices (v7.2.5) hooked up to HA.
After the last update the checksums got so bad that the only path recommended by support was to configure the slave device from scratch. Recalculating the checksums manually didn't do anything.
I concluded that I would hold off until the new firmware was released, hoping that after uploading v7.2.6 the devices would sync up again.
Has anyone used this solution successfully? Should I now start the upgrade with the master or slave?
@achin
If you try to upgrade while fortigates are not in synch, your upgrade most probably will stuck and not go forward.
So the best case is to disconnect secondary unit, upgrade both members separately, factory reset secondary device, and configure cluster settings, then connect HA port cables , wait for it to synch and then connect traffic carrying ports.
Hi,
For rebuilding the HA cluster please follow the KBs - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Rebuilding-an-HA-cluster/ta-p/195429
Best regards,
Erlin
7.2.6 has been out since two weeks ago. But if two many parts of configuration is unsyncable due to conflicts, most unlikely upgrading both units wouldn't help match. I would just isolate the secondary, factory reset, configure HA, then re-reconnect heartbeat connection to the primary to let it sync, which keep watching at the progress of syncing at both primary and secondary console ports.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.