Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

How to get storage-related config out of 60D?

Hello, I've got an active 60D and a second.  They are identical hardware and purchased at the same time, but one has been upgraded repeatedly over the past few years and the other has been factory reset with 5.6.3 as of a few days ago.  The live one is running 5.6.3 as well.


I'm trying to make them into an HA pair and am having an issue where the second never completes the config sync.  I believe it's related to the first one having existed when the OS still had a concept of local storage on the 60D even though it has none.  So in the config on the primary it has an empty "config system storage" in the config:


config system storage end


and in the HA debugging, I can tell the checksums differ for the following:


22d21 < 00000000000000000000000000000000 60,61d58 < wanopt.forticache-service: 00000000000000000000000000000000 < 00000000000000000000000000000000


So I believe this is an issue of the active unit having legacy storage-related checksums and the reset secondary unit having no matching devices.


Is there a safe way for me to eliminate these storage leftovers from the active unit so I can get HA to sync up?


Well here is what I had to do:

  • factoryreset the secondary 60D
  • Interrupt boot and format boot, leaving device without OS
  • TFTP original 60D firmware 5.0.1 onto device (from local network since remote tftp is broken)
  • Boot up - at his point, since Fortinet had not yet disabled local storage, the system partitioned and formatted the flash device with both a /dev/sda and /dev/sdb (the one that ultimately goes away), and after boot, 'config system storage' was now visible.  Additionally, now 'diag sys ha checksum show global' spits out the previously missing, wanopt.forticache-service and variables.
  • I re-connected to the primary 60D, confirmed via 'exec ha ignore-hardware-revision status' that hardware difference ignoring was NOT enabled where on my first attempt it had to be because the secondary simply shut down without that on. 
  • Re-established HA and now things sync'd up and completed successfully on the first try.[/ul]

    It appears that 60D which begin life post-5.0.7 will not have the missing 'config system storage' part of the config, or the related variables in the ha sync checksums, so they will never be able to sync up with a 60D that started out pre-5.0.7.  So you have to take the mismatched one back to old firmware to get the /dev/sdb to be formatted and then you're good to go.

  • Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Top Kudoed Authors