Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Adanio
New Contributor

Fortigate HA doesn't work

Hello, 

I have 2 Fortigate 100D and i want to have them configure with HA active-passive. 

have configure them as recommended with no luck. 

 

i've read that you need to have identical Fortigate devices. 

my HWID of both Fortigate is: 

1: HWID C4LL40-04AA-0000

2: HWID C4LL40-07AA-0000

 

Can i form HA with these 2 devices? is the difference between HWID is what preventing HA to work? 

 

Thanks

5 REPLIES 5
Bubu
Contributor

Hi Adanio,

No problem with your two different HWID. You can configure your HA A-P without problem.

Did you tried to troubleshoot? 

> show system ha

> diagnose sys ha status

> get system ha status

> diagnose sys ha checksum show

 

Give us more info please.

Bubu

Bubu
Fullmoon
Contributor III

Hi,

 

did you try ignoring hardware revisions? Maybe you can try this link http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_config_troubl...

 

Fortigate Newbie

Fortigate Newbie
emnoc
Esteemed Contributor III

Agreed try that but are you sure all is identical in the config sys ha settings ? You can dump on the  interfaces between the two interfaces and ensure you see traffic. If your usinga HA groupname and password different han the default, re-key it and monitor

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Adanio
New Contributor

Hi Emnoc, Fullmonn and Bubu, 

Thank you for your quick reply. 

 

i did read about ignoring hw, but that's require reload and need to get window for this. 

Other than that all config is the same and re enter it few times to make sure. 

 

will check your recommendation / tshoot commands and will update with results. 

 

Thanks! 

 

journeyman

If you have one 100D in production you should be able to build a cluster by adding the second, no outage required, assuming the hardware and firmware is identical.

I'm not sure if it's absolutely correct but my understanding is that "System Part-Number" must match (from get sys stat).

What happens when you try to form the cluster?

What are your HA settings? Do you have a USB stick in one or the other FGT? A USB installed during startup is mounted and will cause a hardware mismatch. Check the output of fnsysctl df matches on both units.

Labels
Top Kudoed Authors