Hello,
this morning we decided to update a FG80F cluster from 7.4.4 to 7.4.5.
Stupid from my side, I did not check if the HA was synced and I did not notice anything wrong. I uploaded 7.4.5 and I lost access to the FG so that the Slave did not enter in the game.
After restart of the master we still had no sign of the slave. Since this is a remote side I asked a person to remove all cables from the slave unit and try to connect via port 1 LAN but there is no ping. Than we restarted the slave thinking that it might start as master but still no access. This unit for sure did not update to 7.4.5 and being with another OS it will not work in the HA anymore.
Any ideas to solve this? At the end there is just the option to access via console? Only change to reset and start HA over?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Roland
Here is how I'd proceed (but I don't know if this is the best solution).
This shouldn't be traffic disturbing but for precaution I'd do this in maintenance window.
Yes, this is the procedure I know and what we already started.
BUT just to understand, since we do 100 times updates and we get 1-5 times problemas and after we dont really know what happened.
In this case of course it was stupid not to check HA sync but I dont know if there was a problem. Also is this normal that removing the slave I have no option to access and just update manually, I mean restarting the unit without the main it doenst get up as new master so that I can access?
We will connect via console on monday.
Thanks
As you said in more than 95% the firmware upgrade works fine. Just in very few cases it can have an issue due to a prior error or mistake, like a bug (that's why one should read the release notes) or like in your case HA was not sync.
Hi,
we formated the FG and manually updated to 7.4.5 so that both FGs are in the same OS.
I configured the interfaces and the HA on the slave and connected to the HA and nothing happens. I am connected via console on the Slave and with get sys ha status on both FGs I dont get information from the other unit (only member of that cluster).
The checksums are different and recalculate doesnt help.
One thing, since the Slave was not in SYNC for months it didnt update the new licenec we put on the FG Cluster. Is is possible that without having the same licence it will not sync in the HA?
Thanks,
Roland
Hi Rolan
As per my knowledge there is no need for license to configure a cluster.
Did you properly configure HA (id, password, ...) on the new secondary node? (config sys ha)
Are you sure?
I did the config on the Web Gui, there is not much data and configuration so I am pretty sure I did everything right.
I would try on both sides to set up with CLI but first I wanted to be sure about the licences. Again the Slave was not in SYNC and when we updated the licene for the HA it just updated the Master one, so licence for sure are not the same. In the Slave it shows that it has no licence...
Thanks
Actually I'm not sure and I can't test it in my lab.
So first you may need to connect the secondary node to internet to update its license info, then try to build the cluster again.
Hi,
I put the slave with WAN1 routing all traffic from the Master via WAN2. It took the slave 5mins to get all licencing. After that I connected HA again and now I can see the slave unit in the HA of the master but sofar there are not in sync. I guess this will take a while but I am positive that it will work out.
Thanks
You may use this guide for troubleshooting.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1546 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.