Description
This article describes how to fix an issue where, when one of the devices in an HA cluster has additional VDOMs other than the standard 10 VDOMs per firewall, the HA cluster does not form.
Scope
- FortiGate: model 3000 or higher (FortiGate-1240B supports 25 VDOMs).
- FortiOS firmware - version 3.0 and higher.
Solution
Once the secondary is added in the cluster, if the cluster is not forming, run the commands below:
diagnose debug hatalk -1
diagnose debug hasync -1
diagnose debug enable
The output displayed will reveal the following: HA cannot be formed because this box has XXX VDOMs. It exceeds the maximum number of VDOMs allowed on the HA peer <peer firewall>, which only allows maximum 10 VDOMs.
Purchase a license key for the secondary firewall.
To obtain a VDOM license key:
Record the FortiGate serial number. It is possible to find the serial number in the web-based manager on the System Status page.
Login on the Fortinet Support website, and use the serial number of the registered FortiGate to purchase a license key for 25, 50, 100, 250, or 500 VDOMs.
- When the license key is received, go to System -> Maintenance -> License on the FortiGate.
- In the License Key field, enter the 32-character license key received from Fortinet.
- Select Apply.
