Can sslvpnd cause HA sync / web interface unresponsive issues? Another Fortinet story
Today the Fortinet web interface became unresponsive. We found some articles and expected that killing/restarting httpd would be enough, but we then faced policy load issues: for example, we tried to list rules but got an empty response, and after some time the web UI was gone again and we needed to restart httpd to access it.
Then, after some investigation, we saw that the cluster checksum was not consistent (command: diagnose sys ha cluster-csum).
We tried to sync the HA config but did not succeed (command: exec ha synchronize start) (for more pls check)
Then, and somehow we maybe did not prioritise this, on the cluster member whose web interface was working, first the SNMP service stopped responding and then SSL VPN connections started to fail! At that time, from what I remember, we changed the password of the SSL VPN user, but I don't think this helped us. But when we killed sslvpnd, the non-responsive Fortinet box magically started running again; after that we checked the HA checksum and it worked, and SNMP also started to work!
Actually, if we had not tried this (the vendor also said that the related firmware has a bug), we would have had to restart the nodes, and this would have caused some downtime. The version is 5.2.6.
A good link for debugging HA: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36494
diag debug enable
diagnose debug console timestamp enable
diag debug application hasync -1
diag debug application hatalk -1
execute ha synchronize start