Filter
Top Products
High availability Managing an HA cluster
FortiGate-4000 Installation and Configuration Guide 93
Synchronizing the cluster configuration
Cluster synchronization keeps all units in the cluster synchronized with the master
unit. This includes:
• System configuration
• Virus definition updates
• Attack definition updates
• Web filter lists
• Email filter lists
• Replacement messages
• CA certificates
• Local certificates
Synchronization with all cluster members occurs in real time as the administrator
changes or adds configuration settings to the primary unit. When the primary unit
downloads antivirus or attack definition updates, all cluster members also receive
these updates.
From each subordinate unit, you can also use the execute ha synchronize
command to manually synchronize its configuration with the primary unit. Using this
command you can synchronize the following:
To manually synchronize the configuration of subordinate units with the
primary unit
1 Connect to the cluster and log into the CLI.
2 Connect to the CLI of each of the subordinate units in the cluster.
For information about connecting to subordinate units, see “Managing individual
cluster units” on page 92.
3 Use the execute ha synchronize command to synchronize the configuration of
the subordinate unit.
4 Repeat steps 2 and 3 for all the subordinate units in the HA cluster.
Table 25: execute ha synchronize keywords
Keyword Description
config Synchronize the FortiGate configuration. This includes normal system
configuration, firewall configuration, VPN configuration and so on stored in the
FortiGate configuration file.
avupd Synchronize the antivirus engine and antivirus definitions received by the
primary unit from the FortiResponse Distribution Network (FDN).
attackdef Synchronize NIDS attack definition updates received by the primary unit from
the FDN.
weblists Synchronize web filter lists added to or changed on the primary unit.
emaillists Synchronize email filter lists added to or changed on the primary unit.
resmsg Synchronize replacement messages changed on the primary unit.
ca Synchronize CA certificates added to the primary unit.
localcert Synchronize local certificates added to the primary unit.
all Synchronize all of the above.