Administration Guide

Master's Role and Slave's Role


On the Master node, all functionalities are turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the Master node and will be synchronized to other nodes.

The following information is synchronized from the Master node to all other nodes, so it should not be configured on Slave nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address) and next hop gateway, etc., are not synchronized. They have to be set on each unit separately.

  • Black and White lists
  • YARA rules
  • Scan profile settings
  • Archive server settings
  • AI Mode
  • Inter-cluster communication encryption
  • TLS version

Note

Although it is possible to assign different VM types to each node in a cluster, it is recommended that all nodes share the same VM types.

This is because VM types are collected from all nodes and are displayed in the Master node’s Scan Profile > VM Association page, where VM associations can be configured and synchronized to the entire cluster. If an association is created for a VM type missing on the Slave node, the sandbox scan will not be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the Master node, but do not enable WIN10X64VM on a Slave node, all executable files distributed to that Slave will not be sandbox scanned.
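
The mismatch described in this note can be checked before a Scan Profile is relied on. The following is an added example, not Fortinet code: it compares a hand-built inventory of the VM types enabled on each node against the VM associations configured on the Master and lists every node where an associated VM type is missing. The node names, the file categories, WIN7X86VM and the data layout are assumptions made for illustration; only WIN10X64VM comes from this guide.

```python
from typing import Dict, List, Set

# Constructed inventory: VM types enabled on each node (node names are placeholders).
NODE_VM_TYPES: Dict[str, Set[str]] = {
    "master": {"WIN10X64VM", "WIN7X86VM"},
    "primary-slave": {"WIN10X64VM", "WIN7X86VM"},
    "slave-2": {"WIN7X86VM"},  # WIN10X64VM not enabled here
}

# Constructed VM associations from the Master's Scan Profile:
# file category -> VM types associated with it (category names are placeholders).
ASSOCIATIONS: Dict[str, Set[str]] = {
    "executables": {"WIN10X64VM"},
    "office": {"WIN10X64VM", "WIN7X86VM"},
}

def find_scan_gaps(associations: Dict[str, Set[str]],
                   node_vm_types: Dict[str, Set[str]]) -> List[dict]:
    """List every (node, category) pair where an associated VM type is missing."""
    findings = []
    for node in sorted(node_vm_types):
        enabled = node_vm_types[node]
        for category in sorted(associations):
            wanted = associations[category]
            missing = wanted - enabled
            if missing:
                findings.append({
                    "node": node,
                    "category": category,
                    "missing": sorted(missing),
                    # Assumption: a category has no sandbox coverage on a node
                    # when none of its associated VM types is enabled there.
                    "no_coverage": not (wanted & enabled),
                })
    return findings

def cluster_is_uniform(node_vm_types: Dict[str, Set[str]]) -> bool:
    """True when all nodes share the same VM types, as the guide recommends."""
    vm_sets = list(node_vm_types.values())
    return all(s == vm_sets[0] for s in vm_sets)

if __name__ == "__main__":
    print("uniform VM types:", cluster_is_uniform(NODE_VM_TYPES))
    for f in find_scan_gaps(ASSOCIATIONS, NODE_VM_TYPES):
        state = "NOT sandbox scanned" if f["no_coverage"] else "partially covered"
        print(f'{f["node"]}: {f["category"]} {state}, missing {", ".join(f["missing"])}')
```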

The following information is synchronized from the Master node to Primary Slave nodes only, and is only applied when the Primary Slave node becomes a Master during a failover:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Devices
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Others (login disclaimers)
  • Master scan power
  • BCC and MTA adapter settings
