I have two Fortigate 600C units in a HA cluster, the GUI states that the Slave is not syncronised with the Master, this is true as I have run a command and can see that the checksums are different. Fortinet say I should do the following:-
1. Take a backup of the Master from GUI
2. Rename the file to slave, change the hostname and proirity number in the file
3. Take Slave out of HA, Update config from GUI with Master config
4. Re join the HA
Surely there is a command to re rync the slave from the master config, does anyone know if there is such a command?
Any help greatly appreciated.
Nick.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Not sure but you can use following link for troubleshooting.
I don't know what version you're running them but especially earlier versions of 5.2.x we experienced more than a couple of HA non-sync issues that once it fell into some certain conditions it would never come back to in-sync no matter what we adjusted in config to correct.
To give the slave a fresh start, I would just break the HA and re-format the slave, reload the os image and configure only HA portion (config sys ha and mgmt interface) then normalize the cables and/or shutdown interfaces to put them back in HA operation. Just keep watching at console output, especially on the slave side, when the syncing process pregresses (It's entertaining if you keep checking the slave config how much it's copied over). You would see messages indicating it tries syncing, trying again...in a couple of cycles. If you want to speed up that process toward the end, you might want to run a command line to "recalculate checksum" on both master and slave a couple of times. The CLI is slightly different between major version. Be aware the slave would kick you off at the end of every cycle of syncing, so you have to re-logon when that happens.
Many thanks for info, I think that is the best option, i think if i just unplug all the interfaces re format, configure the HA part and mgmt interface, if i boot up with just the HA cable connected then once synronized i can plug all the other interface cables in, does that sound correct.
Nick.
Yes, of course.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.