FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
opetr_FTNT
Staff
Staff
Article Id 195330
Description
This article describes how to proceed when the Slave node is stuck in reload loop.  This problem can occasionally happen after upgrade and is often caused by incorrect (impossible) configuration on the Master unit.

Solution
This can usually be solved by disabling HA to stop the reloading of the Slave unit, and then swapping roles, waiting for sync and then reverting to the original roles.

1) On Master unit

Stop reloading of the slave by running:

config system ha
set mode off
end


2) Change roles

On Slave unit (unit B)

config system ha
set mode master
end


On Master unit (unit A)

config system ha
set mode slave
end


3) Wait for synchronization (unit A may reload once), then swap back to the original roles

On unit B

config system ha
set mode slave
end


On unit A

config system ha
set mode master
end


To verify that everything is working correctly, do a config change on the master unit and check on the slave unit that it was synchronized correctly.

For example, create dummy session profile.

Master # config profile session
edit test-profile
end


Then verify that the setting was correctly transferred to the slave unit

Master # get profile session
== [ session_basic_predefined ]
== [ Outbound_Session ]
== [ Inbound_Session ]
== [ test-profile ]


Slave # get profile session
== [ session_basic_predefined ]
== [ Outbound_Session ]
== [ Inbound_Session ]
== [ test-profile ]


In case switching the roles would not fix the issue (slave unit would still keep reloading), create a ticket with support and provide following information:

* configuration backup from both units
* output of following, also from both units
diag sys ha show
diag sys ha show global

Contributors