
FortiGate-7000E Handbook

Configuration synchronization

When you log into the FortiGate-7000 GUI or CLI by connecting to the IP address of the aggregate management interface, or through a console connection, you are logging into the FIM in slot 1 (the address of slot 1 is FIM01). The FIM in slot 1 is the FortiGate-7000 config-sync primary (or master). All configuration changes must be made from the GUI or CLI of the FIM in slot 1. The FIM in slot 1 synchronizes configuration changes to the other modules and makes sure module configurations remain synchronized with the FIM in slot 1.

If the FIM in slot 1 fails or reboots, the FIM in slot 2 becomes the config-sync primary.

For the FortiGate-7000 to operate normally, the configurations of the FIMs and FPMs must be synchronized. You can use the information in the following sections to make sure that these configurations are synchronized.

The example output includes four sets of checksums: a checksum for the global configuration, a checksum for each VDOM (in this case there are two VDOMs: root and mgmt-vdom), and a checksum for the complete configuration (all). You can verify that this FPM is synchronized because both sets of HA checksums match and both sets of confsync checksums match. Also as expected, the HA and confsync checksums are different.

If the FIMs and FPMs in a standalone FortiGate-7000 have the same set of checksums, the FIMs and FPMs in that FortiGate-7000 are synchronized.

If a FIM or FPM is out of sync, you can use the output of the diagnose sys confsync status command to determine what part of the configuration is out of sync. You could then take action to attempt to correct the problem or contact Fortinet Technical Support at https://support.fortinet.com for assistance.

A corrective action could be to restart the component with the synchronization error. You could also try using the following command to re-calculate the checksums in case the sync error is just temporary:

diagnose sys confsync csum-recalculate
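
The checksum comparison described above, as an added example (not Fortinet's code): it takes checksums copied by hand from each module into an assumed one-line-per-set text layout, which is not the CLI's output format, and reports which set and scope differ from the config-sync primary. The module names FIM02 and FPM03 and all checksum values are constructed.

```python
from collections import defaultdict

# Constructed sample in an assumed layout (NOT FortiOS output):
#   <module> <checksum set> <scope>=<checksum> ...
# FIM02, FPM03 and every checksum value are made up for illustration.
SAMPLE = """\
FIM01 ha       global=7e06 root=43b1 mgmt-vdom=9c2d all=e5f0
FIM01 confsync global=11aa root=22bb mgmt-vdom=33cc all=44dd
FIM02 ha       global=7e06 root=43b1 mgmt-vdom=9c2d all=e5f0
FIM02 confsync global=11aa root=22bb mgmt-vdom=33cc all=44dd
FPM03 ha       global=7e06 root=43b1 mgmt-vdom=9c2d all=e5f0
FPM03 confsync global=11aa root=ffff mgmt-vdom=33cc all=0000
"""

def parse(text):
    """Return {module: {(checksum_set, scope): checksum}}."""
    table = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or incomplete line
        module, kind = fields[0], fields[1]
        for pair in fields[2:]:
            scope, _, csum = pair.partition("=")
            table[module][(kind, scope)] = csum.lower()
    return dict(table)

def pick_primary(table):
    """Slot 1 FIM is the config-sync primary; slot 2 takes over if it is absent."""
    for name in ("FIM01", "FIM02"):
        if name in table:
            return name
    raise ValueError("no FIM in input")

def find_drift(table):
    """Compare each module with the primary, set by set and scope by scope.

    HA and confsync checksums are never compared with each other, since
    they are expected to differ. A scope missing on either side counts as drift.
    """
    primary = pick_primary(table)
    ref = table[primary]
    drift = {}
    for module, sums in table.items():
        bad = sorted(k for k in ref.keys() | sums.keys() if ref.get(k) != sums.get(k))
        if module != primary and bad:
            drift[module] = bad
    return primary, drift

if __name__ == "__main__":
    primary, drift = find_drift(parse(SAMPLE))
    print("primary:", primary)
    for module, keys in drift.items():
        print(module, "out of sync:", ", ".join(f"{k}/{s}" for k, s in keys))
```

A mismatch that is limited to one VDOM scope plus `all` points at that VDOM's configuration, while a `global` mismatch points at settings shared by every VDOM.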
