Fortinet white logo
Fortinet white logo

Administration Guide

Primary's role and worker's role

Primary's role and worker's role

On the primary node, all functionality is turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following information is synchronized from the primary node to all other nodes so they do not need to be configured on worker nodes:

  • Job cleanup schedule
  • Malware package generation settings
  • Allowlist and blocklist (white / black List)
  • YARA rules
  • Job queue settings in scan profile
  • Job queue priority
  • Overridden verdicts
  • URL category
  • Customized rating
  • AI mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the worker node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, all executable files distributed to that worker are not scanned.

The following information is synchronized from the primary node to secondary node only, and is only applied when the secondary node becomes a primary node in a failover IP set:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network DNS settings
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Primary node scan power

Primary's role and worker's role

Primary's role and worker's role

On the primary node, all functionality is turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following information is synchronized from the primary node to all other nodes so they do not need to be configured on worker nodes:

  • Job cleanup schedule
  • Malware package generation settings
  • Allowlist and blocklist (white / black List)
  • YARA rules
  • Job queue settings in scan profile
  • Job queue priority
  • Overridden verdicts
  • URL category
  • Customized rating
  • AI mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the worker node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, all executable files distributed to that worker are not scanned.

The following information is synchronized from the primary node to secondary node only, and is only applied when the secondary node becomes a primary node in a failover IP set:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network DNS settings
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Primary node scan power