Synchronizing objects across the Security Fabric
When the Security Fabric is enabled, various objects such as addresses, services, and schedules are synced from the upstream FortiGate to all downstream devices by default. FortiOS has the following settings for object synchronization across the Security Fabric:
- Set object synchronization (`fabric-object-unification`) to `default` or `local` on a downstream device.
- Set a per object option to toggle whether the specific Fabric object will be synchronized or not. After upgrading from 6.4.3, this option is disabled for supported Fabric objects. The synchronized Fabric objects are kept as locally created objects on downstream FortiGates.
- Define the number of task workers to handle synchronizations.
The firewall object synchronization wizard helps identify objects that are not synchronized and resolves any conflicts. A warning message appears in the topology tree if there is a conflict.
Summary of CLI commands
Object synchronization can be configured as follows:
```
config system csf
    set fabric-object-unification {default | local}
    set configuration-sync {default | local}
    set fabric-workers <integer>
    ...
    next
end
```
Parameter |
---|
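
To check which downstream devices have opted out of synchronization, the `config system csf` block of each saved configuration can be parsed and compared. The following is an added example, not Fortinet code: the device names and sample backups are constructed, and it assumes a setting missing from a backup is at `default`.

```python
# Added example: audit saved FortiGate configs for Fabric sync opt-outs.

def parse_csf(config_text):
    """Return the top-level `set` values inside `config system csf`."""
    settings, depth = {}, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system csf":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1                      # nested table inside the csf block
        elif line == "end":
            depth -= 1
            if depth == 0:
                break                       # end of the csf block
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings

def audit(configs):
    """List (device, setting) pairs where synchronization is set to local."""
    findings = []
    for device, text in configs.items():
        csf = parse_csf(text)
        for key in ("fabric-object-unification", "configuration-sync"):
            # Assumption: a key missing from the backup is at `default`.
            if csf.get(key, "default") == "local":
                findings.append((device, key))
    return findings

# Constructed sample backups; device names and contents are hypothetical.
SAMPLE = {
    "branch-fgt-1": 'config system csf\n    set status enable\n'
                    '    set fabric-object-unification local\n'
                    '    set fabric-workers 2\n'
                    '    config trusted-list\n        edit "CONSTRUCTED"\n'
                    '            set action accept\n        next\n    end\nend\n',
    "branch-fgt-2": 'config system csf\n    set status enable\nend\n',
}

if __name__ == "__main__":
    for device, key in audit(SAMPLE):
        print(f"{device}: {key} is local")
```

A device reported here keeps its own copy of the affected objects, so review its policies separately from the root FortiGate's.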