
Administration Guide

Primary's role and worker's role

On the primary node, all functionality is available based on your licenses and contracts. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the primary node and will be synchronized to other nodes.

The following table lists the features and their synchronization settings.

  • Failover – the related settings are synchronized from primary to secondary during failover.
  • Realtime – the related settings are synchronized as soon as changes are applied.
  • Realtime* – the related settings are synchronized in realtime only if configured.

| Feature | Secondary | Worker |
|---|---|---|
| Dashboard > Status | | |
| Widget settings | Failover | |
| NTP Server settings | Failover | |
| Security Fabric | | |
| Device, including FortiClient | Failover | |
| Adapter | Failover | |
| Network Share, including network share scans | Failover | |
| Quarantine | Failover | |
| Sniffer | Failover | |
| FortiAI | Realtime | Realtime |
| HA-Cluster | | |
| Health Check | Failover | |
| Scan Job | | |
| Overridden job verdicts | Realtime | Realtime |
| Scan Policy and Object | | |
| Scan Profile > Pre-Filter | Realtime | Realtime |
| Scan Profile > Advanced | Realtime | Realtime |
| General > Allow VMs outbound port3 | Realtime* | Realtime* |
| General > Upload | Failover | |
| General > Job Archive | Failover | |
| General > Upload/Password/Clean up schedule settings | Realtime | Realtime |
| Job Queue Priority | Realtime | Realtime |
| Allowlist/Blocklist | Realtime | Realtime |
| YARA Rules | Realtime | Realtime |
| Web Category | Realtime | Realtime |
| Customized Rating | Realtime | Realtime |
| Global Network settings | Failover | |
| Threat Intelligence > Generation Settings | Failover | |
| System | | |
| Administrators | Failover/Realtime* | Realtime* |
| Device Groups | Failover/Realtime* | Realtime* |
| Certificates | Failover/Realtime* | Realtime* |
| LDAP Servers and RADIUS Servers | Failover/Realtime* | Realtime* |
| Network settings (DNS) | Realtime* | Realtime* |
| Mail Server, including Scheduled Report Configuration | Failover | |
| SNMP | Failover/Realtime* | Realtime* |
| FortiGuard | Realtime* | Realtime* |
| Login Disclaimer | Realtime* | Realtime* |
| System Recovery | Failover/Realtime* | Realtime* |
| Settings | Failover | |
| Log & Report | | |
| Log Servers | Realtime* | Realtime* |
| Local Log | Realtime* | Realtime* |
| CLI only configuration | | |
| AI Mode | Realtime | Realtime |
| Device Low-Encryption | Failover | |
| Device Authorization | Failover | |
| File size limit configuration | Realtime | Realtime |
| FortiMail expired timeout | Failover | |
| Network settings (proxy and routing tables) | Realtime* | Realtime* |
| HA Cluster settings (cluster IP/encryption) | Failover | |
| OFTPD conserve mode | Failover | |
| Primary node scan power | Failover | |
| Prescan configuration | Realtime | Realtime |
| Remote authentication timeout | Failover | |
| TLS version | Realtime | Realtime |
| Sandboxing embedded URL | Realtime | Realtime |

Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the primary node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the worker node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the primary node, but do not enable WIN10X64VM on a worker node, all executable files distributed to that worker are not scanned.
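
The coverage gap described in this note can be checked offline against a hand-recorded inventory of the cluster. The following Python is an added example, not Fortinet code or a FortiSandbox API; the inventory structure, the node names, the file-type labels and the VM type CONSTRUCTED_VM_B are assumptions, and all sample data is constructed (only WIN10X64VM comes from this page).

```python
# Added example: find VM associations that a cluster node cannot honor.
# Inventory layout and sample values are constructed for illustration.

def find_scan_gaps(associations, enabled_by_node):
    """Return {node: {file_type: [missing VM types]}}.

    associations:    file type -> VM types associated with it in the
                     Scan Profile on the primary node.
    enabled_by_node: node name -> VM types enabled on that node.
    A file type appears under a node when at least one VM type
    associated with it is not enabled there.
    """
    gaps = {}
    for node, enabled in enabled_by_node.items():
        node_gaps = {}
        for file_type, vm_types in associations.items():
            missing = sorted(set(vm_types) - set(enabled))
            if missing:
                node_gaps[file_type] = missing
        if node_gaps:
            gaps[node] = node_gaps
    return gaps


def nodes_differ(enabled_by_node):
    """True when the nodes do not all share the same set of VM types."""
    return len({frozenset(v) for v in enabled_by_node.values()}) > 1


# Constructed inventory: worker-2 does not have WIN10X64VM enabled.
ASSOCIATIONS = {
    "executable": ["WIN10X64VM"],
    "office": ["WIN10X64VM", "CONSTRUCTED_VM_B"],
}
ENABLED = {
    "primary": ["WIN10X64VM", "CONSTRUCTED_VM_B"],
    "worker-1": ["CONSTRUCTED_VM_B", "WIN10X64VM"],
    "worker-2": ["CONSTRUCTED_VM_B"],
}

if __name__ == "__main__":
    if nodes_differ(ENABLED):
        print("Nodes do not share the same VM types")
    for node, node_gaps in find_scan_gaps(ASSOCIATIONS, ENABLED).items():
        for file_type, missing in node_gaps.items():
            print(f"{node}: '{file_type}' files lack {', '.join(missing)}")
```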
