FortiGate HA Active-Passive на GCP
Я следовал документации по развёртыванию HA Active-Passive на GCP. Как только я разворачиваю оба брандмауэра, экземпляр пассивного брандмауэра автоматически завершает работу. Я пробовал развернуть его и через Cloud Shell, и через Terraform — в обоих случаях одна и та же ошибка.
Я использую этот PAYG-образ:
projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license
Кто-нибудь знает, что происходит? Моя начальная конфигурация приведена ниже (пароль администратора в ней опубликован в открытом виде — перед повторным развёртыванием его нужно сменить).
Активный брандмауэр:
# Set this unit's hostname to "active".
config sys glo
set hostname active
end
# Set the password of the built-in "admin" account.
# NOTE(review): the password is in cleartext here and has been posted publicly
# together with this config -- rotate it before (re)deploying, and prefer passing it
# in via instance metadata / a Terraform variable instead of a shared bootstrap file.
# Consider also restricting the account with trusted hosts (set trusthost1 ...).
config system admin
edit "admin"
set password ftntCl0ud
next
end
# Static route 1 out of port1 via 172.14.0.1, the .1 of the port1 /24 (172.14.0.2/24
# is configured on port1 below). No "set dst" is given, so this is the default route
# (dst defaults to 0.0.0.0/0 in FortiOS).
config router static
edit 1
set device port1
set gateway 172.14.0.1
next
end
# Static addressing for the four NICs of the active unit, one /24 per role:
#   port1 "ext"    172.14.0.2/24
#   port2 "int"    172.14.1.2/24
#   port3 "sync"   172.14.2.2/24  (used for the HA heartbeat, see config system ha)
#   port4 "hamgmt" 172.14.3.2/24  (dedicated HA management interface)
# The passive unit uses .3 in each of these subnets.
# NOTE(review): every port, including the external one, allows ping/https/ssh/http/fgfm
# administrative access. "http" is cleartext management; on port1 (and on any interface
# reachable from outside the VPC) cut allowaccess down to what is actually needed --
# e.g. only ping/https on the ext side, or keep management on port4 "hamgmt" only --
# and combine it with trusted-host restrictions on the admin account.
config system interface
edit port1
set mode static
set ip 172.14.0.2/24
set allowaccess ping https ssh http fgfm
set description "ext"
next
edit port2
set mode static
set ip 172.14.1.2/24
set allowaccess ping https ssh http fgfm
set description "int"
next
edit port3
set mode static
set ip 172.14.2.2/24
set allowaccess ping https ssh http fgfm
set description "sync"
next
edit port4
set mode static
set ip 172.14.3.2/24
set allowaccess ping https ssh http fgfm
set description "hamgmt"
next
end
# HA cluster settings for the active unit: active-passive mode, cluster "gcp-group".
# - Heartbeat on port3 (heartbeat priority 50), sent as unicast to the peer's port3
#   address 172.14.2.3 on the 172.14.2.0/24 sync subnet -- unicast is presumably used
#   because the VPC does not deliver the default L2 heartbeat traffic.
# - ha-mgmt-status / port4 with gateway 172.14.3.1: a reserved management interface
#   so this unit can be managed on its own address (172.14.3.2, see interfaces above).
# - session-pickup: existing sessions are carried over to the peer on failover.
# - priority 255 with override disabled: this unit is preferred in the initial election
#   (the passive unit uses 100); with override disabled a recovered unit does not
#   preempt the current primary (FortiOS behaviour -- confirm for this release).
# NOTE(review): no HA "password" is set, so a peer is accepted on group-name alone;
# set the same "set password ..." on both units, especially if the sync subnet is
# shared with anything else.
# NOTE(review): nothing in this block explains the passive VM powering itself off;
# check the passive instance's serial console output in GCP for the reason.
config system ha
set group-name "gcp-group"
set mode a-p
set hbdev "port3" 50
set session-pickup enable
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface "port4"
set gateway 172.14.3.1
next
end
set override disable
set priority 255
set unicast-hb enable
set unicast-hb-peerip 172.14.2.3
set unicast-hb-netmask 255.255.255.0
end
# GCP SDN connector with HA integration (ha-status enable): on failover the new primary
# is meant to re-point the external IP "terraform-cluster-ip-pri" and the VPC route
# "terraform-internal-route-pri" at itself. Only the names are given here; the
# resources themselves are created outside this config (Terraform, judging by the
# names) and must match exactly on both units.
# NOTE(review): for this to work the VM's service account needs permission to modify
# addresses and routes in the project -- that is not visible in this config, verify it.
config system sdn-connector
edit "gcp"
set type gcp
set ha-status enable
config external-ip
edit terraform-cluster-ip-pri
next
end
config route
edit terraform-internal-route-pri
next
end
next
end
Пассивный брандмауэр:
# Set this unit's hostname to "passive".
config sys glo
set hostname passive
end
# Set the password of the built-in "admin" account (same value as on the active unit,
# as HA-synchronised config requires).
# NOTE(review): the password is in cleartext here and has been posted publicly
# together with this config -- rotate it before (re)deploying, and prefer passing it
# in via instance metadata / a Terraform variable instead of a shared bootstrap file.
# Consider also restricting the account with trusted hosts (set trusthost1 ...).
config system admin
edit "admin"
set password ftntCl0ud
next
end
# Static route 1 out of port1 via 172.14.0.1, the .1 of the port1 /24 (172.14.0.3/24
# is configured on port1 below). No "set dst" is given, so this is the default route
# (dst defaults to 0.0.0.0/0 in FortiOS).
config router static
edit 1
set device port1
set gateway 172.14.0.1
next
end
# Static addressing for the four NICs of the passive unit, one /24 per role:
#   port1 "ext"    172.14.0.3/24
#   port2 "int"    172.14.1.3/24
#   port3 "sync"   172.14.2.3/24  (used for the HA heartbeat, see config system ha)
#   port4 "hamgmt" 172.14.3.3/24  (dedicated HA management interface)
# The active unit uses .2 in each of these subnets.
# NOTE(review): every port, including the external one, allows ping/https/ssh/http/fgfm
# administrative access. "http" is cleartext management; on port1 (and on any interface
# reachable from outside the VPC) cut allowaccess down to what is actually needed --
# e.g. only ping/https on the ext side, or keep management on port4 "hamgmt" only --
# and combine it with trusted-host restrictions on the admin account.
config system interface
edit port1
set mode static
set ip 172.14.0.3/24
set allowaccess ping https ssh http fgfm
set description "ext"
next
edit port2
set mode static
set ip 172.14.1.3/24
set allowaccess ping https ssh http fgfm
set description "int"
next
edit port3
set mode static
set ip 172.14.2.3/24
set allowaccess ping https ssh http fgfm
set description "sync"
next
edit port4
set mode static
set ip 172.14.3.3/24
set allowaccess ping https ssh http fgfm
set description "hamgmt"
next
end
# HA cluster settings for the passive unit: active-passive mode, cluster "gcp-group"
# (group-name, mode, hbdev, session-pickup and ha-mgmt settings match the active unit).
# - Heartbeat on port3 (heartbeat priority 50), sent as unicast to the peer's port3
#   address 172.14.2.2 on the 172.14.2.0/24 sync subnet -- unicast is presumably used
#   because the VPC does not deliver the default L2 heartbeat traffic.
# - ha-mgmt-status / port4 with gateway 172.14.3.1: a reserved management interface
#   so this unit can be managed on its own address (172.14.3.3, see interfaces above).
# - priority 100 with override disabled: lower than the active unit's 255, so it loses
#   the initial election; with override disabled a recovered unit does not preempt the
#   current primary (FortiOS behaviour -- confirm for this release).
# NOTE(review): no HA "password" is set, so a peer is accepted on group-name alone;
# set the same "set password ..." on both units, especially if the sync subnet is
# shared with anything else.
# NOTE(review): this unit is the one reported to shut itself down; nothing in this
# block causes a power-off, so check the VM's serial console output in GCP.
config system ha
set group-name "gcp-group"
set mode a-p
set hbdev "port3" 50
set session-pickup enable
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface "port4"
set gateway 172.14.3.1
next
end
set override disable
set priority 100
set unicast-hb enable
set unicast-hb-peerip 172.14.2.2
set unicast-hb-netmask 255.255.255.0
end
# GCP SDN connector with HA integration (ha-status enable), identical to the active
# unit's: on failover the new primary is meant to re-point the external IP
# "terraform-cluster-ip-pri" and the VPC route "terraform-internal-route-pri" at itself.
# Only the names are given here; the resources are created outside this config
# (Terraform, judging by the names) and the names must match exactly on both units.
# NOTE(review): for this to work the VM's service account needs permission to modify
# addresses and routes in the project -- that is not visible in this config, verify it.
config system sdn-connector
edit "gcp"
set type gcp
set ha-status enable
config external-ip
edit terraform-cluster-ip-pri
next
end
config route
edit terraform-internal-route-pri
next
end
next
end
Спасибо :)