Fortinet black logo

FortiGate-7000 Handbook

Confirming that the FortiGate-7000 HA cluster is synchronized

Copy Link
Copy Doc ID 3c44971b-ce74-11e9-8977-00505692583a:550095
Download PDF

Confirming that the FortiGate-7000 HA cluster is synchronized

After an HA cluster is up and running, you can use the HA Status dashboard widget to view status information about the cluster. You can also use the get system ha status command to confirm that the cluster is operating normally. As highlighted below, the command shows the HA health status, describes how the current primary FortiGate-7000 was selected, shows if the configuration is synchronized (configuration status), and indicates the serial numbers of the primary and backup FortiGate-7000s.

get system ha status
HA Health Status: OK
...
Master selected using:
    <2019/09/23 12:56:53> FG74E43E17000073 is selected as the master because it has the largest value of override priority.
...

Configuration Status:
    FG74E17000073(updated 2 seconds ago): in-sync
    FG74E43E17000073 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 
    FG74E43E17000065(updated 4 seconds ago): in-sync
    FG74E43E17000065 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 
...
Master: FG74E43E17000073, operating cluster index = 0
Slave : FG74E43E17000065, operating cluster index = 1

For a FortiGate-7000 HA cluster to operate normally, the configurations of both FortiGate-7000s and the FIMs and FPMs in these devices must be synchronized. The Configuration Status information provided by the get system ha status command is a useful indicator of synchronization status of the cluster. The information provided indicates whether the FortiGate-7000s in the cluster are in-sync (or out-of-sync) and includes checksums of each FortiGate-7000 configuration. If the two FortiGate-7000s are synchronized, these checksums must match.

Confirming that the FortiGate-7000 HA cluster is synchronized

After an HA cluster is up and running, you can use the HA Status dashboard widget to view status information about the cluster. You can also use the get system ha status command to confirm that the cluster is operating normally. As highlighted below, the command shows the HA health status, describes how the current primary FortiGate-7000 was selected, shows if the configuration is synchronized (configuration status), and indicates the serial numbers of the primary and backup FortiGate-7000s.

get system ha status
HA Health Status: OK
...
Master selected using:
    <2019/09/23 12:56:53> FG74E43E17000073 is selected as the master because it has the largest value of override priority.
...

Configuration Status:
    FG74E17000073(updated 2 seconds ago): in-sync
    FG74E43E17000073 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 
    FG74E43E17000065(updated 4 seconds ago): in-sync
    FG74E43E17000065 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 
...
Master: FG74E43E17000073, operating cluster index = 0
Slave : FG74E43E17000065, operating cluster index = 1

For a FortiGate-7000 HA cluster to operate normally, the configurations of both FortiGate-7000s and the FIMs and FPMs in these devices must be synchronized. The Configuration Status information provided by the get system ha status command is a useful indicator of synchronization status of the cluster. The information provided indicates whether the FortiGate-7000s in the cluster are in-sync (or out-of-sync) and includes checksums of each FortiGate-7000 configuration. If the two FortiGate-7000s are synchronized, these checksums must match.