I have an HA firewall which is currently out-of-sync.
Checked the 'out of sync tables' and compared the config on FW-A and FW-B. There is no mismatch.
Next step is to work #diagnose sys ha checksum recalculate on both FWs
Will this recalculating command will cause overlay tunnels to failover to secondary unit?
What does it do internally to the firewalls? What is the possible impact to the network?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
checksum recalculate just recalculates checksum of the config. Nothing else.
But If you don't see any mismatch you shouldn't see "out-of-sync". Should have no effect with recalculation if matching.
Is it what you saw in "get sys ha status"? I meant the out-of-sync.
Did you run "diag sys ha checksum cluster | grep all:" and all were exactly the same?
Toshi
The mentioned command just recalculates the configuration checksum of the cluster node on which you run it, and doesn't have any impact on the functioning of your FortiGate.
If the out of sync situation is due to checksum calculation and not to configuration itself, when you run it on both cluster nodes to recalculate the checksum the out of sync status is cleared. But if there is a real configuration difference then the out of sync status remains.
This tech tip may help:
Hi @heyyo,
Is it a new HA setup? When did the issue start? What was change?
You mentioned that there is no mismatch in the configuration. In that case, I would suggest checking to make sure both units have the same firmware version.
Regards,
Hello @heyyo
Here is a nice guide for resolving HA cluster out of sync.
You can check which configuration objects are out of sync and if recalculating checksum doesn't resolve the issue, you can isolate the secondary and reform cluster.
If you have any question regarding this, please let me know.
Regards,
Varun
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.