Configuration synchronization provides the ability to duplicate the configuration from another FortiWeb appliance without using FortiWeb high availability (HA). The synchronization is unilateral push; it is not a bilateral synchronization. It adds any missing items, and overwrites any items that are identically named, but does not delete unique items on the target FortiWeb, nor does it pull items from the target to the initiating FortiWeb.
Replicating the configuration can be useful in some scenarios where you cannot use, or do not want, FortiWeb HA:
In such cases, you may be able to save time and preserve your existing network topology by synchronizing a FortiWeb appliance’s configuration with another FortiWeb. This way, you do not need to individually configure each one, and do not need to use FortiWeb HA.
Like HA, due to hardware-based differences in valid settings, configuration synchronization requires that both FortiWeb appliances be of the same model. You cannot, for example, synchronize a FortiWeb-VM and FortiWeb 1000D.
You can configure which port number the appliance uses to synchronize its configuration. See Config-Sync.
Synchronize each time you change the configuration, and are ready to propagate the changes. Unlike FortiWeb HA, configuration synchronization is not automatic and continuous. Changes will only be pushed when you manually initiate it.
Back up your system before changing the operation mode (see Backups). Synchronizing the configuration overwrites the existing configuration, and cannot be undone without restoring the configuration from a backup. |
1. Go to System > Config > Config-Synchronization.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Network Configuration category. For details, see Permissions. This feature is not available if ADOMs are enabled.
2. In Peer FortiWeb IP, type the IP address of the target FortiWeb appliance that you want to receive configuration items from your local FortiWeb appliance.
3. In Peer FortiWeb Port, type the port number that the target FortiWeb appliance uses to listen for configuration synchronization. The default port is 995.
4. In Peer FortiWeb 'admin' user password, type the password of the administrator account named admin
on the other FortiWeb appliance.
5. In Synchronization Type, select one of the following options:
Full |
For all operation modes except WCCP, synchronizes all configuration except:
When the operation mode is WCCP, synchronizes all configuration except:
|
Partial |
Synchronizes all configurations except:
For a detailed list of settings that are excluded from a partial synchronization, including CLI-only settings, see the FortiWeb CLI Reference. |
This option is not available if the FortiWeb appliance is operating in reverse proxy mode. See also Supported features in each operation mode. |
To test the connection settings, click Test. Results appear in a pop-up window. If the test connection to the target FortiWeb succeeds, this message should appear:
Service is available...
If the following message appears:
Service isn't available...
verify that:
admin
account password matches6. Click Push config.
A dialog appears, warning you that all policies and profiles with identical names will be overwritten on the other FortiWeb, and asking if you want to continue.
7. Click Yes.
The FortiWeb appliance sends its configuration to the other, which synchronizes any identically-named policies and settings. Time required varies by the size of the configuration and the speed of the network connection. When complete, this message should appear:
Config. synchronized successfully.