Confirming that the FortiGate-6000 HA cluster is synchronized
After an HA cluster is up and running, you can use the HA Status dashboard widget to view status information about the cluster. You can also use the get system ha status
command to confirm that the cluster is operating normally. As highlighted below, the command shows the HA health status, describes how the current primary FortiGate-6000 was selected, shows if the configuration is synchronized (configuration status), and indicates the serial numbers of the primary and secondary FortiGate-6000s.
get system ha status HA Health Status: OK ... Primary selected using: <2019/09/23 12:56:53> FG6KF43E17000073 is selected as the primary because it has the largest value of override priority. ... Configuration Status: FG6KF43E17000073(updated 2 seconds ago): in-sync FG6KF43E17000073 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 FG6KF43E17000065(updated 4 seconds ago): in-sync FG6KF43E17000065 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 ... Primary : FG6KF43E17000073, operating cluster index = 0 Secondary: FG6KF43E17000065, operating cluster index = 1
For a FortiGate-6000 HA cluster to operate normally, the configurations of both FortiGate-6000s and the management boards and all of the FPCs in these devices must be synchronized. The Configuration Status
information provided by the get system ha status
command is a useful indicator of synchronization status of the cluster. The information provided indicates whether the FortiGate-6000s in the cluster are in-sync
(or out-of-sync
) and includes checksums of each FortiGate-6000 configuration. If the two FortiGate-6000s are synchronized, these checksums must match.