Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Role of the primary (master) and worker (slave) node

On the primary (master) node, all functionality can be turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following information is synchronized from the primary node to all other nodes so they should not be configured on worker nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings.

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address) and next hop gateway , etc., are not synchronized. They have to be set on each unit separately.

  • Blocklists and allowlists (black and white lists)
  • YARA rules
  • Scan profile settings
  • Archive server settings
  • Job Queue Priority
  • Overridden Verdicts
  • URL category
  • Customized Rating
  • AI Mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the worker node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, all executable files distributed to that worker are not scanned.

The following information is synchronized from the primary (master) node to secondary (primary slave) nodes only, and is only applied when the secondary node becomes a primary (master) during a failover:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Primary node scan power

Role of the primary (master) and worker (slave) node

On the primary (master) node, all functionality can be turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following information is synchronized from the primary node to all other nodes so they should not be configured on worker nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings.

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address) and next hop gateway , etc., are not synchronized. They have to be set on each unit separately.

  • Blocklists and allowlists (black and white lists)
  • YARA rules
  • Scan profile settings
  • Archive server settings
  • Job Queue Priority
  • Overridden Verdicts
  • URL category
  • Customized Rating
  • AI Mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the worker node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, all executable files distributed to that worker are not scanned.

The following information is synchronized from the primary (master) node to secondary (primary slave) nodes only, and is only applied when the secondary node becomes a primary (master) during a failover:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Primary node scan power