How to Troubleshoot a Load Balancer With FortiGate HA

Verify HA status on both FortiGate units

Confirm one unit is primary and the other is secondary

Check HA synchronization status

Verify cluster heartbeat links are up

Confirm the load balancer VIP or VIP group is configured correctly

Check that the load balancer IP is reachable from clients

Verify the correct interface is used for the VIP

Confirm firewall policies allow traffic to the load balancer

Check policy order for conflicting rules

Verify NAT settings on the load balancer policy

Confirm backend server IPs are correct

Check backend server health status

Verify health check configuration on the load balancer

Confirm the health check port and protocol match the service

Check for session persistence settings

Verify routing to backend servers is correct

Check ARP table entries for the VIP

Confirm the VIP MAC address is being learned correctly

Verify no IP conflict exists for the VIP

Check logs for denied traffic or health check failures

Review event logs on both HA members

Test traffic directly to backend servers

Fail over the HA cluster and retest the load balancer

Confirm configuration changes are synchronized after failover

Check for asymmetric routing issues

Verify upstream switch and gateway settings

Confirm VLAN tagging is correct

Check for interface link errors or packet drops

Validate session table entries during active connections

Review CPU and memory usage on both HA members

Check for firmware compatibility issues between HA peers

Verify load balancing method settings

Confirm SSL inspection or offload settings are not causing failures

Test with a simple TCP or ICMP health check

Disable conflicting security profiles temporarily for testing

Compare running configuration on both HA units

Reboot or resync the cluster if configuration drift is detected
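
One way to script the "Check HA synchronization status" and "Compare running configuration on both HA units" steps, added here as an example and not taken from the original page or from Fortinet: it parses saved output of `diagnose sys ha checksum cluster` and lists the scopes whose checksums differ between members. The output layout, serial numbers and checksum bytes in the sample are assumptions constructed for illustration.

```python
import re

HEADER = re.compile(r"^=+\s*([^=\s]+)\s*=+$")                # "==== <serial> ===="
ENTRY = re.compile(r"^([\w.-]+):\s*((?:[0-9a-f]{2}\s*)+)$")  # "root: d3 b5 ..."

def parse_checksums(text):
    """Return {serial: {(section, scope): checksum_hex}}."""
    members, serial, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            serial, section = m.group(1), None
            members[serial] = {}
        elif line in ("debugzone", "checksum"):
            section = line
        elif serial and section and (m := ENTRY.match(line)):
            members[serial][(section, m.group(1))] = "".join(m.group(2).split())
    return members

def find_drift(members):
    """Return sorted (section, scope) keys that are not identical on every member."""
    keys = set().union(*(m.keys() for m in members.values()))
    return sorted(k for k in keys if len({m.get(k) for m in members.values()}) != 1)

# Constructed sample (made-up serials and bytes) in the assumed CLI output layout.
SAMPLE = """\
================== FGT-EXAMPLE-0001 ==================
is_manage_master()=1, is_root_master()=1
debugzone
global: 89 f2 f0 0b e8 eb 0d ee f8 55 8b 47 27 7a 27 1e
root: d3 b5 fc 60 f3 f0 f0 d0 ea e4 a1 7f 1d 17 05 fc
all: 04 ae 37 7e dc 84 aa a4 42 3d db 3c a2 09 b0 60
checksum
global: 89 f2 f0 0b e8 eb 0d ee f8 55 8b 47 27 7a 27 1e
root: d3 b5 fc 60 f3 f0 f0 d0 ea e4 a1 7f 1d 17 05 fc
all: 04 ae 37 7e dc 84 aa a4 42 3d db 3c a2 09 b0 60
================== FGT-EXAMPLE-0002 ==================
is_manage_master()=0, is_root_master()=0
debugzone
global: 89 f2 f0 0b e8 eb 0d ee f8 55 8b 47 27 7a 27 1e
root: 5a 11 c0 9e 42 7b 3d 08 f1 66 2c d4 90 ab 13 e7
all: b7 20 4f e1 0c 93 58 6a dd 31 75 fa 0e c8 49 12
checksum
global: 89 f2 f0 0b e8 eb 0d ee f8 55 8b 47 27 7a 27 1e
root: 5a 11 c0 9e 42 7b 3d 08 f1 66 2c d4 90 ab 13 e7
all: b7 20 4f e1 0c 93 58 6a dd 31 75 fa 0e c8 49 12
"""
if __name__ == "__main__":
    for section, scope in find_drift(parse_checksums(SAMPLE)):
        print(f"out of sync: {section}/{scope}")
```

In the sample the `global` scope matches on both members while `root` and `all` differ, which points the comparison of running configurations at the root VDOM.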
