Confirming that the FortiGate-7000E is synchronized
In addition to viewing configuration synchronization status from the Security Fabric dashboard widget, you can use the following command to confirm that the configurations of the FIMs and FPMs are synchronized:
diagnose sys confsync status
The command shows the HA and configuration synchronization (confsync) status of the FIMs and FPMs. For each FIM and FPM, in_sync=1
means the component is synchronized and can operate normally. If any component is out of sync, the command output will include in_sync=0
. All components must be synchronized for the FortiGate-7000E to operate normally.
To confirm the configuration synchronization status of an HA cluster, see Confirming that the FortiGate-7000E HA cluster is synchronized . |
FIM confsync status
The diagnose sys confsync status
command output usually begins with the confsync status of the FIM in slot 2 and ends with the confsync status of the primary FIM (usually the FIM in slot 1). For each of the FIMs, the command output shows the configuration synchronization status with the other FIM and with each of the FPMs. The following example shows the configuration synchronization status of the FIM in slot 1, which is operating as the primary FIM:
Current slot: 1 Module SN: FIM01E3E17000165 ELBC: svcgrp_id=1, chassis=1, slot_id=1 ha zone: ha_primary_sn:FIM01E3E17000165, ha_primary_idx:1 Ha Member: FG74E43E17000073, mode=a-p, role=Primary, slot_id=1:1, idx=1, in_sync=1 Ha Member: FG74E43E17000065, mode=a-p, role=Secondary, slot_id=2:1, idx=0, in_sync=0 zone: self_idx:1, primary_idx:1, ha_primary_idx:1, members:4 ha_member:1 FIM01E3E17000165, Primary, uptime=70947.53, priority=1, slot_id=1:1, idx=1, flag=0x10, in_sync=1 FIM04E3E16000102, Secondary, uptime=70948.25, priority=2, slot_id=1:2, idx=2, flag=0x10, in_sync=0 elbc-b-chassis: state=3(connected), ip=169.254.2.16, last_hb_time=71057.67, hb_nr=338183 FPM20E3E17900506, Secondary, uptime=70940.78, priority=20, slot_id=1:4, idx=3, flag=0x64, in_sync=0 elbc-b-chassis: state=3(connected), ip=169.254.2.4, last_hb_time=71057.78, hb_nr=338387 FPM20E3E17900511, Secondary, uptime=70940.69, priority=19, slot_id=1:3, idx=4, flag=0x64, in_sync=0 elbc-b-chassis: state=3(connected), ip=169.254.2.3, last_hb_time=71057.62, hb_nr=338456
FPM confsync status
The diagnose sys confsync status
command output also lists the confsync status of each FPM. In the following example for a FortiGate-7040E, the output begins with the confsync status if the FPM in slot 3. The two lines that begin with serial numbers and end with in_sync=1
indicate that the FPM (serial number FPM20E3E17900511) is synchronized with the primary FIM (serial number
FIM01E3E17000165) and the primary FIM is synchronized with the FPM.
diagnose sys confsync status ... Slot: 3 Module SN: FPM20E3E17900511 ELBC: svcgrp_id=1, chassis=1, slot_id=3 ELBC HB devs: elbc-ctrl/1: active=1, hb_count=70932 elbc-ctrl/2: active=1, hb_count=70936 ELBC mgmt devs: elbc-b-chassis: mgmtip_set=1 zone: self_idx:2, primary_idx:0, ha_primary_idx:255, members:3 FPM20E3E17900511, Secondary, uptime=70940.69, priority=19, slot_id=1:3, idx=2, flag=0x4, in_sync=0 FIM01E3E17000165, Primary, uptime=70947.53, priority=1, slot_id=1:1, idx=0, flag=0x10, in_sync=1 elbc-b-chassis: state=3(connected), ip=169.254.2.15, last_hb_time=71158.62, hb_nr=338046 FIM04E3E16000102, Secondary, uptime=70948.25, priority=2, slot_id=1:2, idx=1, flag=0x10, in_sync=0 elbc-b-chassis: state=3(connected), ip=169.254.2.16, last_hb_time=71158.62, hb_nr=338131