New Contributor

Responding on HA IP address



I wasn't sure which topic my question fell into since it's a mix of network routing/HA. I found the following error below (some information is redacted) in my firewall logs. I've done research on what was actually happening on the firewall and determined that the firewall's external port (IP X.X.X.X) was reaching out to ( The firewall is running HA and I've found that "HA inter-VDOM link interfaces on the primary unit are assigned IP addresses and" (

Mar 22 06:48:36 devicevrr date=2018-03-22 time=06:48:36 devname=device1 devid=FG200D1111111111 logid=0100020085 type=event subtype=system level=information vd="root" logdesc="session clash" status="clash" proto=6 msg="session clash" new_status="state=04000200 tuple-num=2 policyid=0 dir=0 act=1 hook=4> dir=1 act=2 hook=0>X.X.X.X:21978(" old_status="state=00004200 tuple-num=2 policyid=0 dir=0 act=0 hook=3 X.X.X.X:21978-> dir=1 act=0 hook=1>X.X.X.X:21978("

I'm wondering why the firewall would have attempted to respond on the HA IP address. I wasn't able to find any other log entries which indicated that this was happening. This only was noticed due to the session clash that occurred between the HA IP and the external IP. Any clarification would be appreciated.


Thanks, Dan

Esteemed Contributor III

Read this


Is that applicable to your situation?







PCNSE NSE StrongSwan
New Contributor

We saw this traffic specifically destined to FortiGuard so if it works similarly to a FortiAnalyzer then it could be. I'm not sure how I would determine if the FortiGates are running MR7, but we are using HA.
