Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aagrafi
Contributor II

FG cluster appears to be out-of-sync after upgrade

Hello,

 

I upgraded an a-p cluster of two FG1000D from 5.6.3 to 5.6.4 via FMG. Everything went fine in the upgrade, but and I'm facing the following issue afterwards:

Although the cluster is in-sync, in the FGs GUI it appears to be out-of-sync (see the attached photo).

 

Here is some CLI output:

FGTDC-1 (global) # get sys ha status HA Health Status: OK Model: FortiGate-1000D Mode: HA A-P ...

Configuration Status:     FGT1KDxxx(updated 1 seconds ago): in-sync     FGT1KDyyy(updated 1 seconds ago): in-sync ...

Master: FGTDC-1         , FGT1KDxxx, cluster index = 0 Slave : FGTDC-2         , FGT1KDyyy, cluster index = 1 ...

 

diag sys ha check show displays the same checksum in both units (I omit the output).

 

I'm pretty sure that the cluster works fine, but I don't know why it appears out-of-sync in the GUI. BTW, the cluster appear to be OK in the FMGs device manager. Any ideas why this happens?

 

Thanks

3 REPLIES 3
Kenundrum
Contributor III

I had similar problems even with 5.4. Executing a manual config sync seems to fix it.  

(i've got the logs and process at my office and i'll update the post with exact commands tomorrow)

 

I believe the cli command was simply

execute ha synchronize start

 

i performed it on the master and all subordinates as well as disabling/re-enabling the ha sync process just for good measure 

CISSP, NSE4

 

CISSP, NSE4
neonbit
Valued Contributor

I had the same problem with my cluster when I upgraded to 5.6.2. Once I joined the cluster the GUI showed they were not sync'd, but the CLI said the checksums were sync'd.

 

I tested by rebooting my master and confirmed the slave come up ok and the config was syncd. When the old master came back online the GUI showed that they were both sync'd correctly.

aagrafi

I didn't reboot the master because I didn't want to disrupt the cluster, but the problem was cured in a couple of days. I don't know why did this happen, but since the cluster in fact was functioning OK, that's fine for me.

Labels
Top Kudoed Authors