Saturday, March 12, 2022

Fortinet get your paired devices back in sync


It's a Kahlúa in your coffee first thing in the morning when you suddenly find your paired Fortinet devices out of sync, the FortiGate SDN connector down, and certain dynamic addresses blinking with red exclamation marks. Like, what in the world?

Well, for one thing, the secondary is still showing green. However, it's not an actual full failure, because the policies with hard-coded IP addresses still match and traffic is still going through, so it was hard to see right away.

1. Make sure the FortiGate SDN Connector for Azure has the correct secret; check it in the GUI.

Use the CLI to check whether the information about the SDN Connectors is there (though obviously it is):

show full | grep -f FortigateSDN

diag debug enable

diag debug app azd -1

I don't like using the config command just to show settings, but you can hit end right away:

config sys sdn-connector

show full

end

(or edit each item as needed)


2. Some CLI commands to check the HA health status:

get system ha status

diag debug console timestamp enable

diag debug application hatalk -1

diag debug application hasync -1

diag sys ha checksum cluster
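Reading the checksum output by eye gets tedious on a multi-VDOM cluster, so here is an added helper (my own example, not from the original post or from Fortinet) that parses the text `diag sys ha checksum cluster` prints and reports which scope (global, a VDOM, or all) differs between members. The sample output, serials and hashes are constructed, and the line layout (member header, debugzone/checksum sections, `scope: hex bytes`) is assumed from how the command prints on FortiOS 6.x/7.x.

```python
import re

# Constructed sample in the shape "diag sys ha checksum cluster" prints: one
# header per member, then per-scope hashes. Serials and hashes are made up.
SAMPLE = """\
================== FGT-PRIMARY-00000001 ==================
is_manage_master()=1, is_root_master()=1
checksum
global: 1a 2b 3c 4d 5e 6f 70 81
root: aa bb cc dd ee ff 00 11
all: 0f 1e 2d 3c 4b 5a 69 78
================== FGT-SECONDARY-0000002 ==================
is_manage_master()=0, is_root_master()=0
checksum
global: 1a 2b 3c 4d 5e 6f 70 81
root: 99 88 77 66 55 44 33 22
all: ff ee dd cc bb aa 99 88
"""

HEADER = re.compile(r"^=+\s*(\S+)\s*=+$")          # "=== <serial> ==="
HASHLINE = re.compile(r"^(\S+):\s*((?:[0-9a-f]{2}\s*)+)$")  # "root: aa bb ..."

def parse_cluster_checksums(text):
    """Return {member: {section: {scope: hexhash}}} (sections: debugzone/checksum)."""
    members, member, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            member, section = m.group(1), None
            members[member] = {}
        elif line in ("debugzone", "checksum") and member:
            section = line
            members[member][section] = {}
        elif member and section and (h := HASHLINE.match(line)):
            members[member][section][h.group(1)] = h.group(2).replace(" ", "")
    return members

def find_mismatches(members, section="checksum"):
    """Scopes whose hash differs between members, with each member's value.
    'global' equal but a VDOM differing means that VDOM's config drifted."""
    scopes = {s for m in members.values() for s in m.get(section, {})}
    out = []
    for scope in sorted(scopes):
        per = {name: m.get(section, {}).get(scope) for name, m in members.items()}
        if len(set(per.values())) > 1:
            out.append((scope, per))
    return out
```

On the constructed sample, `find_mismatches(parse_cluster_checksums(SAMPLE))` reports `root` and `all` as out of sync while `global` agrees, which is the pattern you see when only VDOM-level config has drifted.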


Forcing a sync again, maybe:

di deb app hasync -1

di deb app hatalk -1

exec ha sync start

(exec ha sync stop) why?

(dia deb disable) makes it stop writing to the screen.

di deb reset

diag sys ha checksum recalculate


3. You can look at the probes:

show sys probe-response

show full-config sys probe-response

show full-conf sys interface


4. Comparing working flows:

diag debug reset

(diag debug enable)

diag debug flow filter dport 8008

diag debug flow show function-name enable

diag debug flow trace start 100

diag debug enable

Type that one last, or you'll have too many things popping up all over the screen!


5. Here's how to get rid of an annoying startup banner (the setting lives under system global):

config system global

set gui-firmware-upgrade-warning <enable | disable>

end