Hot!Fortigate HA doesn't work

Author
Adanio
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/11/29 12:37:14
  • Status: offline
2018/03/20 05:29:05 (permalink)
0

Fortigate HA doesn't work

Hello, 
I have 2 Fortigate 100D and i want to have them configure with HA active-passive. 
have configure them as recommended with no luck. 
 
i've read that you need to have identical Fortigate devices. 
my HWID of both Fortigate is: 
1: HWID C4LL40-04AA-0000
2: HWID C4LL40-07AA-0000
 
Can i form HA with these 2 devices? is the difference between HWID is what preventing HA to work? 
 
Thanks
#1

5 Replies Related Threads

    Bubu
    New Member
    • Total Posts : 16
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/02/08 02:16:36
    • Status: online
    Re: Fortigate HA doesn't work 2018/03/20 05:46:24 (permalink)
    0
    Hi Adanio,
    No problem with your two different HWID. You can configure your HA A-P without problem.
    Did you tried to troubleshoot? 
    > show system ha
    > diagnose sys ha status
    > get system ha status
    > diagnose sys ha checksum show
     
    Give us more info please.
    #2
    Fullmoon
    Platinum Member
    • Total Posts : 762
    • Scores: 5
    • Reward points: 0
    • Joined: 2010/08/02 18:02:10
    • Status: offline
    Re: Fortigate HA doesn't work 2018/03/20 06:17:37 (permalink)
    0
    Hi,
     
    did you try ignoring hardware revisions? Maybe you can try this link http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_config_troubleshooting.htm
     

    Fortigate Newbie
    #3
    emnoc
    Expert Member
    • Total Posts : 4727
    • Scores: 280
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Fortigate HA doesn't work 2018/03/20 06:39:33 (permalink)
    0
    Agreed try that but are you sure all is identical in the config sys ha settings ? You can dump on the  interfaces between the two interfaces and ensure you see traffic. If your usinga HA groupname and password different han the default, re-key it and monitor
     
    Ken

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #4
    Adanio
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/11/29 12:37:14
    • Status: offline
    Re: Fortigate HA doesn't work 2018/03/21 04:58:48 (permalink)
    0
    Hi Emnoc, Fullmonn and Bubu, 
    Thank you for your quick reply. 
     
    i did read about ignoring hw, but that's require reload and need to get window for this. 
    Other than that all config is the same and re enter it few times to make sure. 
     
    will check your recommendation / tshoot commands and will update with results. 
     
    Thanks! 
     
    #5
    journeyman
    Gold Member
    • Total Posts : 160
    • Scores: 0
    • Reward points: 0
    • Joined: 2011/03/15 22:56:36
    • Status: offline
    Re: Fortigate HA doesn't work 2018/04/04 22:49:27 (permalink)
    0
    If you have one 100D in production you should be able to build a cluster by adding the second, no outage required, assuming the hardware and firmware is identical.
    I'm not sure if it's absolutely correct but my understanding is that "System Part-Number" must match (from get sys stat).
    What happens when you try to form the cluster?
    What are your HA settings? Do you have a USB stick in one or the other FGT? A USB installed during startup is mounted and will cause a hardware mismatch. Check the output of fnsysctl df matches on both units.
    #6
    Jump to:
    © 2018 APG vNext Commercial Version 5.5