beautypg.com

Synchronizing the cluster configuration – Fortinet FortiGate 4000 User Manual

Page 93

background image

High availability

Managing an HA cluster

FortiGate-4000 Installation and Configuration Guide

93

Synchronizing the cluster configuration

Cluster synchronization keeps all units in the cluster synchronized with the master
unit. This includes:

• System configuration
• Virus definition updates
• Attack definition updates
• Web filter lists
• Email filter lists
• Replacement messages
• CA certificates
• Local certificates

Synchronization with all cluster members occurs in real time as the administrator
changes or adds configuration settings to the primary unit. When the primary unit
downloads antivirus or attack definition updates, all cluster members also receive
these updates.

From each subordinate unit, you can also use the execute ha synchronize

command to manually synchronize its configuration with the primary unit. Using this
command you can synchronize the following:

To manually synchronize the configuration of subordinate units with the
primary unit

1

Connect to the cluster and log into the CLI.

2

Connect to the CLI of each of the subordinate units in the cluster.
For information about connecting to subordinate units, see

“Managing individual

cluster units” on page 92

.

3

Use the execute ha synchronize command to synchronize the configuration of

the subordinate unit.

4

Repeat steps

2

and

3

for all the subordinate units in the HA cluster.

Table 25: execute ha synchronize keywords

Keyword

Description

config

Synchronize the FortiGate configuration. This includes normal system

configuration, firewall configuration, VPN configuration and so on stored in the

FortiGate configuration file.

avupd

Synchronize the antivirus engine and antivirus definitions received by the

primary unit from the FortiResponse Distribution Network (FDN).

attackdef

Synchronize NIDS attack definition updates received by the primary unit from

the FDN.

weblists

Synchronize web filter lists added to or changed on the primary unit.

emaillists Synchronize email filter lists added to or changed on the primary unit.
resmsg

Synchronize replacement messages changed on the primary unit.

ca

Synchronize CA certificates added to the primary unit.

localcert

Synchronize local certificates added to the primary unit.

all

Synchronize all of the above.

See also other documents in the category Fortinet Computer Accessories: