getting this HA error:
Message meets Alert condition
date=2011-05-20 time=01:13:34 devname=Colo_FW_HA_2 device_id=FG300Axxxxxxxxxx log_id=0105037903 type=event subtype=ha pri=information vd=" root" msg=" The sync status with the master" sync_type=external-files sync_status=out-of-sync
I have tried the command:
execute ha synchronize all
But that did not seem to fix it. Any other ideas? Fortinet said I need to disjoin the slave and rejoin it to the HA pair. These firewalls are in a co-location that is very far away, so I would prefer not to have to travel to do this.
It can be done remotely, as long as you put a valid routeable IP address on the connected port when you break the slave out. You remote into the slave via that interface, and join it back into the stack.
Don't think I did that. When I joined it to the stack I just added it in right from an out of the box config. I also have the WAN connection as port 1, which I believe is the default LAN connection in an out of the box config. So I would lose connectivity, it sounds like, if I did this remotely.
I do have a server there that has a console cable connection to each firewall in the stack. So I'm not completely without access.
I was actually hopeful there was another way via the CLI to force these damn things to sync whatever is different.
When you disjoin a unit, you are asked to supply an IP address and an Interface to put it on. After it's been removed, all interface settings (except the one) and routes are removed, but the rest of the config stays in place. So this being the only interface with an IP, you can get to it. I've done it several times.
Don't think I did that. When I joined it to the stack I just added it in right from an out of the box config.
NOTE: Were they running the same version of code when you linked them together?
I think I'll just drop the second one and re-add it. Last time I tried a format on my 310B units it didn't turn out well. The units wouldn't boot in safe mode and find the tftp server to flash from. Fortinet thought I had a bad firewall and sent me a new one. The new one did the same thing!
The tftp server worked fine and was accessible from multiple other clients I tested from...
To clarify when I say the firewall wouldn't boot in safe mode and pull down firmware from a tftp server... The firewall never initialized its Ethernet port. The light on the port never came on and the laptop I had it connected to never had its port light up either. The laptop never reported an active network connection.
I know you're supposed to use a crossover cable, but I also tried a straight through cable, and even tried a switch and a hub in the middle. I followed the documentation, which directs which port to plug in and the IP scheme to use... No luck.
Fortinet thought I had a bad firewall and sent me a replacement, but the replacement did the exact same thing... clearly a design flaw.
What is really strange in your case, billp, is you're running an active-active cluster. If something was actually out of sync you would be seeing some issues, I would expect, as I would think that the firewalls could be handling traffic differently.
Has anyone found a solution other than blowing up the cluster and recreating it?