Synchronizing the configuration (and settings that are not synchronized)
The FGCP uses a combination of incremental and periodic synchronization to make sure that the configuration of all cluster units is synchronized to that of the primary unit. This means that in most cases you only have to make a configuration change once to have it synchronized to all cluster units. This includes special configuration settings that include extra information (for example, 3rd party certificates, replacement message text files and graphics and so on).
Some configuration settings are not synchronized to support some aspects of FortiGate operation. The following settings are not synchronized among cluster units:
- The FortiGate unit host name. Allows you to identify cluster units.
- HA override.
- HA device priority.
- Virtual cluster 1 and Virtual cluster 2 device priorities.
- The HA priority (ha-priority) setting for a ping server or dead gateway detection configuration.
- The system interface settings of the FortiGate interface that becomes the HA reserved management interface.
- The default route for the reserved management interface, set using the ha-mgmt-interface-gateway option of the config system ha command.
- The dynamic weighted load balancing thresholds and high and low watermarks.
In addition, licenses are not synchronized since each FortiGate must be licensed separately. This includes FortiCloud activation and FortiClient licensing, and entering a license key if you purchased more than 10 Virtual Domains (VDOMs). FortiToken licenses can be added at any time because they are synchronized to all cluster members.
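
One way to confirm that two cluster units differ only in the unsynchronized settings listed above is to diff their configuration backups and filter out the expected per-unit keys. This is an added example, not Fortinet code: the parser is simplified, the section names in EXPECTED_LOCAL are assumptions about where each key appears in a backup, and the sample backups are constructed. It does not cover the reserved management interface settings or the load balancing thresholds.

```python
# (section prefix, key) pairs; section placement is an assumption, "" matches any section.
EXPECTED_LOCAL = {
    ("config system global", "hostname"),
    ("config system ha", "override"),
    ("config system ha", "priority"),  # prefix match also covers nested virtual cluster blocks
    ("config system ha", "ha-mgmt-interface-gateway"),
    ("", "ha-priority"),
}

def parse(text):
    """Flatten config/edit/set blocks into {(path, key): value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line)
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith("set "):
            parts = line.split(None, 2)
            settings[(" > ".join(stack), parts[1])] = parts[2] if len(parts) > 2 else ""
    return settings

def drift(primary_text, secondary_text):
    """Return (expected, unexpected) lists of differing (path, key) pairs."""
    a, b = parse(primary_text), parse(secondary_text)
    expected, unexpected = [], []
    for path, key in sorted(set(a) | set(b)):
        if a.get((path, key)) != b.get((path, key)):
            local = any(key == k and path.startswith(p) for p, k in EXPECTED_LOCAL)
            (expected if local else unexpected).append((path, key))
    return expected, unexpected

# Constructed sample backups (not taken from a real device).
PRIMARY = """config system global
    set hostname "fgt-a"
    set admintimeout 10
end
config system ha
    set override enable
    set priority 200
end
config firewall policy
    edit 1
        set action accept
    next
end"""
SECONDARY = (PRIMARY.replace("fgt-a", "fgt-b").replace("override enable", "override disable")
             .replace("priority 200", "priority 100").replace("action accept", "action deny"))
```

Calling drift(PRIMARY, SECONDARY) reports the host name, HA override and HA device priority as expected differences and the firewall policy action as unexpected drift.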