Fortinet Document Library

Administration Guide

Role of the primary (master) and worker (slave) node

On the primary (master) node, all functionality can be turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following information is synchronized from the primary node to all other nodes, so it should not be configured on worker nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address, next hop gateway, etc.) are not synchronized. They have to be set on each unit separately.

  • Blocklists and allowlists (black and white lists)
  • YARA rules
  • Scan profile settings

Note

Although it is possible to assign different VM types to each node in a cluster, it is recommended that all nodes share the same VM types.

This is because VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page, where VM associations can be configured and synchronized to the entire cluster. If an association is created for a VM type missing on the worker node, the sandbox scan will not be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, none of the executable files distributed to that worker will be sandbox scanned.
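
A pre-deployment check for the two gaps described above (a synchronized VM association that points at a VM type a node lacks, and the synchronized Port3 status without per-unit Port3 network settings), as an added example that is not Fortinet code. The inventory layout, field names, `EXAMPLEVM`, and addresses are constructed assumptions, not a FortiSandbox export format or API.

```python
# Added example: the inventory layout and field names are assumptions,
# not a FortiSandbox export format or API.

def audit_cluster(associations, allow_external_port3, nodes):
    """Return a sorted list of (node, issue) findings.

    associations: file type -> VM type, as configured on the primary
                  node (synchronized to the entire cluster).
    allow_external_port3: the synchronized on/off status.
    nodes: node name -> {"vm_types": set, "port3_ip": str or None,
                         "port3_gateway": str or None} (set per unit).
    """
    findings = []
    for name, node in nodes.items():
        enabled = node.get("vm_types", set())
        # A synchronized association that points at a VM type this node
        # lacks means those files are not sandbox scanned on this node.
        by_vm = {}
        for file_type, vm_type in associations.items():
            if vm_type not in enabled:
                by_vm.setdefault(vm_type, []).append(file_type)
        for vm_type, file_types in by_vm.items():
            findings.append((name, f"{vm_type} not enabled; unscanned: "
                                   + ", ".join(sorted(file_types))))
        # The Port3 status is synchronized, but the IP address and next
        # hop gateway are local to each unit.
        if allow_external_port3:
            for key in ("port3_ip", "port3_gateway"):
                if not node.get(key):
                    findings.append((name, f"{key} not set on this unit"))
    return sorted(findings)


# Constructed sample inventory (EXAMPLEVM and the addresses are placeholders).
ASSOCIATIONS = {"exe": "WIN10X64VM", "dll": "WIN10X64VM", "pdf": "EXAMPLEVM"}
NODES = {
    "primary": {"vm_types": {"WIN10X64VM", "EXAMPLEVM"},
                "port3_ip": "192.0.2.10", "port3_gateway": "192.0.2.1"},
    "worker1": {"vm_types": {"EXAMPLEVM"},
                "port3_ip": "192.0.2.11", "port3_gateway": None},
}

if __name__ == "__main__":
    for node, issue in audit_cluster(ASSOCIATIONS, True, NODES):
        print(f"{node}: {issue}")
```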

The following information is synchronized from the primary (master) node to secondary (primary slave) nodes only, and is only applied when the secondary node becomes a primary (master) during a failover:

  • Users
  • Archive server settings
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Devices
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Others (login disclaimers)
