Confirming that the FortiGate-7000 HA cluster is synchronized
After an HA cluster is up and running, you can use the HA Status dashboard widget to view status information about the cluster. You can also use the
get system ha status command to confirm that the cluster is operating normally. As highlighted below, the command shows the HA health status, describes how the current primary FortiGate-7000 was selected, shows if the configuration is synchronized (configuration status), and indicates the serial numbers of the primary and secondary FortiGate-7000s.
get system ha status HA Health Status: OK ... Master selected using: <2019/09/23 12:56:53> FG74E43E17000073 is selected as the master because it has the largest value of override priority. ... Configuration Status: FG74E17000073(updated 2 seconds ago): in-sync FG74E43E17000073 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 FG74E43E17000065(updated 4 seconds ago): in-sync FG74E43E17000065 chksum dump: 0b 16 f2 e4 e2 89 eb a1 bf 8f 15 9b e1 4e 3b f2 ... Master: FG74E43E17000073, operating cluster index = 0 Slave : FG74E43E17000065, operating cluster index = 1
For a FortiGate-7000 HA cluster to operate normally, the configurations of both FortiGate-7000s and the FIMs and FPMs in these devices must be synchronized. The
Configuration Status information provided by the
get system ha status command is a useful indicator of synchronization status of the cluster. The information provided indicates whether the FortiGate-7000s in the cluster are
out-of-sync) and includes checksums of each FortiGate-7000 configuration. If the two FortiGate-7000s are synchronized, these checksums must match.