Sometimes after performing a Firmware upgrade on FortiGate HA pairs, I find that after sometime the cluster still stays out of sync and won’t synchronise. I usually find this is because the checksums of the config files on each or some members are different. To quickly check if this is the case, fire up the CLI and run the following command that will output the HA checksum.
# diag sys ha checksum cluster
If the output don’t match and we’re happy with the configuration of the primary we can issue a checksum recalculate by issuing the following command
# diag sys ha checksym recalculate
Just entering the command without options recalculates all checksums. You can specify a VDOM name to just recalculate the checksums for that VDOM.
More Posts
We recently had a customer take advantage of a free upgrade from FTTN (Fibre to the Node) to FTTP (Fibre to the Premise) for their NBN (National Broadband Network) service. However during cut-over the FortiGate wasn’t picking up connectivity on the WAN port, this had the on-site guy stumped for 10 minutes until we jumped […]
Despite all the things people say about Connectwise, I still hold ScreenConnect or Connectwise Control close to my heart as one of the best support and remote access tools out there. It’s light, friendly and easy to use for support staff and end users and just gets the job done. I look after our own […]
One of my clients using SharePoint 2007 were uploading some files to their site recently and got the following error: The following file(s) have been blocked by the administrator By going through Central Administration, I was able to unblock the file and allow them to upload the particular file to the library they were wanting […]
Leave a Reply