Synchronizing the configuration
The FGCP uses a combination of incremental and periodic synchronization to make sure that the configuration of all cluster units is synchronized to that of the primary unit. This means that in most cases you only have to make a configuration change once to have it synchronized to all cluster units. This includes special configuration settings that include extra information (for example, 3rd party certificates, replacement message text files and graphics and so on).
Some configuration settings are not synchronized to support some aspects of FortiGate operation. The following settings are not synchronized among cluster units:
- The FortiGate host name. Allows you to identify cluster units.
- The GUI Dashboard configuration. After a failover you may have to re-configure dashboard widgets.
- HA override.
- HA device priority.
- Virtual cluster 1 and Virtual cluster 2 device priorities.
- The HA priority (
ha-priority
) setting for a ping server or dead gateway detection configuration. - The system interface settings of the FortiGate interface that becomes the HA reserved management interface.
- The default route for the reserved management interface, set using the
ha-mgmt-interface-gateway
option of theconfig system ha
command. - The dynamic weighted load balancing thresholds and high and low watermarks.
- OSPF
summary-addresses
settings.
In addition licenses are not synchronized since each FortiGate must be licensed separately. This includes FortiCloud activation and FortiClient licensing, and entering a license key if you purchased more than 10 Virtual Domains (VDOMS).