Created on 06-11-2007 12:00 AM
Components | FortiGate HA Cluster (FortiOS 3.0) |
Description | How FortiOS v3.0 HA incremental synchronization synchronizes HA cluster configuration changes. |
Incremental Synchronization | When you log into the cluster web-based manager or CLI to make configuration changes, you are actually logging into the primary unit. All of your configuration changes are first made to the primary unit. Incremental synchronization then immediately synchronizes these changes to all of the subordinate units.
When you log into a subordinate unit CLI (for example using Whenever a change is made to a cluster unit configuration, incremental synchronization sends the same configuration change to all other cluster units over the HA heartbeat link. An HA synchronization process running on the each cluster unit receives the configuration change and applies it to the cluster unit. The HA synchronization process makes the configuration change by entering a CLI command that appears to be entered by the administrator who made the configuration change in the first place. Synchronization takes place silently, and no log messages are recorded about the synchronization activity. You can see evidence of incremental synchronization if you enable event logging and set the minimum severity level to Information and then check the event log messages written by the cluster units when you make a configuration change. Example: configuration change synchronized from primary unit to subordinate unit The following event log message is written by the primary unit when the admin administrator adds firewall policy 3 by connecting to the web-based manager from a management PC with IP address 172.20.120.14 using HTTPS or HTTP:
When incremental synchronization makes the same change to a subordinate unit the subordinate unit writes the following log message:
Notice that the two messages are identical except that on the subordinate unit the ui (user interface) is ha_daemon. ha_daemon is the name of the user interface used by the HA synchronization process to make incremental synchronization configuration changes. Example: configuration change synchronized from subordinate unit to primary unit The following event log message is written by a subordinate unit after the admin administrator logs into the subordinate unit CLI using the execute ha manage command and adds firewall policy 6.
Notice the user interface is
Notice again that the messages are identical except for the user interface. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.