Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hfuentes87
New Contributor

Created on ‎05-21-2022 06:51 AM

Issues High Availability Fortigate

I am trying to place two FortiGate 40F (OS 6.4.8) devices in HA, but I cannot achieve synchronization between the devices, despite the fact that the modifications that I am making in one of the FGs are replicated in the other.
Regarding physical connectivity, they only have the WAN connection to a switch that is connected to a router. Heartbeat port is LAN 3.

hfuentes87_2-1653140335348.png

Regarding the front LED witnesses, it strikes me that in one of the two devices (the secondary) the Speed LED of the Heartbeat interface does not light up

hfuentes87_3-1653140478185.png

When I configure both FGs, if I keep the Heartbeat cable connected, I am only allowed to access the configuration of the primary from its management interface, being impossible to access the configuration of the secondary from its respective management interface.
In the HA menu, keep the secondary as out of sync.

hfuentes87_4-1653140551084.png

The configuration of the interfaces on HA FG 1 (the primary) is:

hfuentes87_5-1653140600854.png

And the HA configuration on the primary FG is as follows:

hfuentes87_6-1653140656488.png

Regarding the second, the configuration (which I can only access when I disconnect the cable from the Heartbeat interface, becoming primary) is as follows:

hfuentes87_7-1653140691484.png

Finally, the HA configuration in FG 2 is as follows:

hfuentes87_8-1653140722080.png

I am not configuring any interface to monitor in order to reduce the chances of error.
Also, I checked the checksums and both global, root and all are the same.
I would appreciate if someone could analyze the possible failure since I can't identify what it is.
From already thank you very much

Horacio FUENTES

Labels:
5067
0 Kudos
2 Solutions
AEK
SuperUser
SuperUser

Created on ‎05-21-2022 12:26 PM

Hola Horacio

 

Your Lan3 HB interface is obviously  down on secondary FGT.

Try check the interface is administratively up, otherwise bring it up, otherwise replace HB cable and make sure it is at least Cat5a or Cat6, otherwise change HB interface.

AEK

View solution in original post

AEK
5053
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎05-21-2022 09:00 PM Edited on ‎05-21-2022 09:01 PM

To access the secondary in GUI, you need to use LAN1/MGMT interface by setting the GW in the HA config, and assigning different IP on the interface. It doesn't show it at the place you're trying to see because the secondary HA config is supposed to be almost identical with the primary.

 

But first thing you need to check is "get sys ha status" on both units. As AEK suspects that would likely show some kind of heartbeat connection problem at the top of the output.

Then I'm concerning the LED on the bottom unit in the picture. 6.4.8 has a bug and SPEED LEDs don't get lit on FG40F like the top unit. Maybe a bad port on the bottom unit or a bad cable.

By the way, the LED issue was fixed by 6.4.9, which you might want to try upgrading them to, but I suspect more hardware/Layer1 problem.

 

Toshi

View solution in original post

5041
0 Kudos
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎05-21-2022 12:26 PM

Hola Horacio

 

Your Lan3 HB interface is obviously  down on secondary FGT.

Try check the interface is administratively up, otherwise bring it up, otherwise replace HB cable and make sure it is at least Cat5a or Cat6, otherwise change HB interface.

AEK
AEK
5054
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎05-21-2022 09:00 PM Edited on ‎05-21-2022 09:01 PM

To access the secondary in GUI, you need to use LAN1/MGMT interface by setting the GW in the HA config, and assigning different IP on the interface. It doesn't show it at the place you're trying to see because the secondary HA config is supposed to be almost identical with the primary.

 

But first thing you need to check is "get sys ha status" on both units. As AEK suspects that would likely show some kind of heartbeat connection problem at the top of the output.

Then I'm concerning the LED on the bottom unit in the picture. 6.4.8 has a bug and SPEED LEDs don't get lit on FG40F like the top unit. Maybe a bad port on the bottom unit or a bad cable.

By the way, the LED issue was fixed by 6.4.9, which you might want to try upgrading them to, but I suspect more hardware/Layer1 problem.

 

Toshi

5042
0 Kudos
vponmuniraj
Staff
Staff

Created on ‎05-22-2022 11:04 PM

Hi,

 

Like the commenter above said, looks like the port3 on the secondary box is down. 

 

Use another port and cable to confirm if this is a hardware issue. 

 

 

Regards,

Vignesh
4991
0 Kudos
hfuentes87
New Contributor

Created on ‎05-24-2022 12:56 PM

I finally noticed that the firmware versions were different. I updated them and corrected the aspects that Toshi_Esumi detected. Thank you very much for the information.

4977
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to hfuentes87

Created on ‎05-24-2022 02:36 PM

yea, that would never sync if the versions are not the same.

4969
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.