Created on 06-04-2021 02:09 AM Edited on 09-21-2023 09:56 PM By Jean-Philippe_P
Description
This article describes how to troubleshoot the error received when the units of a FortiGate HA cluster do not all have the same license subscription.
Scenario:
Scope
Any supported version of FortiGate in HA.
Solution
Access the FortiGate over SSH (for example with PuTTY), through the GUI, or through the CLI, and run the following commands.
diag debug reset
diag debug disable
diag debug app update -1
diag debug enable
The following is the output of the update daemon log when the FortiGate HA cluster units do not have the same license subscription:
------------------------------------------------------------------------------------------------------------------------------------------
do_update[484]-Starting now UPDATE (final try)
upd_act_HA_contract_info[724]-ContractItem (1) does not contain all HA (2): FG6H1Exxxxxxxxxx
do_update[496]-UPDATE failed
do_check_wanip[642]-Starting getting wan ip
upd_comm_connect_fds[458]-Trying FDS 173.243.140.6:443
tcp_connect_fds[234]-Binding to interface 13
[113] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[480] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[486] ssl_ctx_use_builtin_store: Enable CRL checking.
[493] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
If one of the FortiGates has a lower level of licensing, then all the FortiGates in the cluster operate at the lowest licensing level.
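The following added example (not part of the original article and not Fortinet code) scans saved update-daemon debug output for the HA contract mismatch line shown above and records whether the update attempt then failed. The function name and the field names contract_count and ha_count are hypothetical; the article does not define the two parenthesised numbers, so they are reported as-is.

```python
import re

# Constructed sample: update-daemon lines quoted in this article.
SAMPLE = """\
do_update[484]-Starting now UPDATE (final try)
upd_act_HA_contract_info[724]-ContractItem (1) does not contain all HA (2): FG6H1Exxxxxxxxxx
do_update[496]-UPDATE failed
do_check_wanip[642]-Starting getting wan ip
upd_comm_connect_fds[458]-Trying FDS 173.243.140.6:443
[480] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
"""

# Entry layout seen in the output: <function>[<number>]-<message>
ENTRY = re.compile(r"^(?P<func>\w+)\[(?P<line>\d+)\]-(?P<msg>.*)$")
# Mismatch message; the serial may be masked with 'x' as in the article.
MISMATCH = re.compile(
    r"ContractItem \((?P<contract>\d+)\) does not contain all HA "
    r"\((?P<ha>\d+)\): (?P<serial>\S+)"
)

def find_ha_license_mismatches(text):
    """Return one finding per HA contract mismatch in the debug output."""
    findings = []
    pending = []  # mismatches not yet tied to an update result
    for raw in text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # separators and "[480] ssl_ctx_..." style lines
        hit = MISMATCH.search(entry["msg"])
        if entry["func"] == "upd_act_HA_contract_info" and hit:
            finding = {
                "serial": hit["serial"],
                # Meaning of the two counts is not stated in the article.
                "contract_count": int(hit["contract"]),
                "ha_count": int(hit["ha"]),
                "update_failed": False,
            }
            findings.append(finding)
            pending.append(finding)
        elif entry["func"] == "do_update":
            if entry["msg"].startswith("UPDATE failed"):
                for finding in pending:
                    finding["update_failed"] = True
            pending = []  # any do_update line closes the current attempt
    return findings

if __name__ == "__main__":
    for finding in find_ha_license_mismatches(SAMPLE):
        print(finding)
```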