Fortinet black logo

CLI Reference

system conf-sync

system conf-sync

Use this command to configure non-HA configuration synchronization settings.

This command configures, but does not execute, the synchronization. To do this, use the web UI.

This command works only when administrative domains (ADOMs) are disabled.

This type of synchronization is used between FortiWeb appliances that are not part of a native FortiWeb high availability (HA) pair, such as when you need to clone the configuration once, or when HA is provided by an external device.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions on page 1.

Syntax

config system conf-sync

set ip "<remote-fortiweb_ipv4>"

set password "<password_str>"

set sync-type {full-sync | partial-sync}

set server-port <port_int>

set auto-sync {enable | disable}

set frequency {daily | every | weekly}

set day {Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday}

set time "<hh:mm>"

end

Variable Description Default

ip "<remote-fortiweb_ipv4>"

Enter the IP address of the remote FortiWeb appliance that you want to synchronize with the local FortiWeb appliance. 0.0.0.0

password "<password_str>"

Type the administrator password for the remote FortiWeb appliance. The maximum length is 63 characters. No default.

sync-type {full-sync | partial-sync}

Select one of the synchronization types.

For all operation modes except WCCP, full-sync updates the entire configuration of the peer FortiWeb appliance except for the following items:

  • Network interface used for synchronization (prevents sync from accidentally breaking connectivity with future syncs)
  • Administrator accounts
  • Access profiles
  • HA settings

For the WCCP operation mode, full-sync updates the entire configuration except for the following items:

  • config system interface
  • config route static
  • config route policy
  • config system wccp
  • Administrator accounts
  • Access profiles
  • HA settings

For all operation modes, partial-sync updates the configuration of the peer FortiWeb appliance, except for the following items:

router ...

server-policy health

server-policy http-content-routing-policy

server-policy persistence-policy

server-policy policy

server-policy server-pool

server-policy service custom

server-policy service predefined

server-policy vserver

system ...

partial-sync

server-port <port_int>

Type the port number of the remote (peer) FortiWeb appliance that is used to connect to the local appliance for configuration synchronization. The valid range is from 1 to 65,535.

Caution: The port number used with this command must be different than the port number used with the command or the submitting operation will fail.

955

auto-sync {enable | disable}

Enable to automatically synchronize the configurations hourly, daily, or weekly. Also configure the frequency, day, and time commands accordingly.

disable

frequency {daily | every | weekly}

Enter how often you want the configurations to synchronize:

  • daily—Synchronizes the configuration every day at a specified time. Also configure the day and time commands. For example, Selecting 10:30 will synchronize the configurations every day at 10:30.
  • every—Synchronizes the configuration after an interval you set using the time command. For example, entering 05:00 for the time command will synchronize the configurations every five hours.
  • weekly—Synchronizes the configuration on a specific day and time. For example, selecting Sunday for day and 5:15 for time will synchronize the configurations every Sunday at 5:15.

No default.

day {Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday}

If auto-sync is enabled and the frequency is set to weekly, enter the day of the week on which you want the configurations to synchronize.

No default.

time "<hh:mm>"

Enter the time of day or interval at which the configurations will be synchronized:

  • daily—Sets the time of day at which the configurations will be synchronized.
  • every—Sets the interval at which the configurations will be synchronized.
  • weekly—Sets the time of day at which the configurations will be synchronized.

No default.

Related topics

system conf-sync

Use this command to configure non-HA configuration synchronization settings.

This command configures, but does not execute, the synchronization. To do this, use the web UI.

This command works only when administrative domains (ADOMs) are disabled.

This type of synchronization is used between FortiWeb appliances that are not part of a native FortiWeb high availability (HA) pair, such as when you need to clone the configuration once, or when HA is provided by an external device.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions on page 1.

Syntax

config system conf-sync

set ip "<remote-fortiweb_ipv4>"

set password "<password_str>"

set sync-type {full-sync | partial-sync}

set server-port <port_int>

set auto-sync {enable | disable}

set frequency {daily | every | weekly}

set day {Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday}

set time "<hh:mm>"

end

Variable Description Default

ip "<remote-fortiweb_ipv4>"

Enter the IP address of the remote FortiWeb appliance that you want to synchronize with the local FortiWeb appliance. 0.0.0.0

password "<password_str>"

Type the administrator password for the remote FortiWeb appliance. The maximum length is 63 characters. No default.

sync-type {full-sync | partial-sync}

Select one of the synchronization types.

For all operation modes except WCCP, full-sync updates the entire configuration of the peer FortiWeb appliance except for the following items:

  • Network interface used for synchronization (prevents sync from accidentally breaking connectivity with future syncs)
  • Administrator accounts
  • Access profiles
  • HA settings

For the WCCP operation mode, full-sync updates the entire configuration except for the following items:

  • config system interface
  • config route static
  • config route policy
  • config system wccp
  • Administrator accounts
  • Access profiles
  • HA settings

For all operation modes, partial-sync updates the configuration of the peer FortiWeb appliance, except for the following items:

router ...

server-policy health

server-policy http-content-routing-policy

server-policy persistence-policy

server-policy policy

server-policy server-pool

server-policy service custom

server-policy service predefined

server-policy vserver

system ...

partial-sync

server-port <port_int>

Type the port number of the remote (peer) FortiWeb appliance that is used to connect to the local appliance for configuration synchronization. The valid range is from 1 to 65,535.

Caution: The port number used with this command must be different than the port number used with the command or the submitting operation will fail.

955

auto-sync {enable | disable}

Enable to automatically synchronize the configurations hourly, daily, or weekly. Also configure the frequency, day, and time commands accordingly.

disable

frequency {daily | every | weekly}

Enter how often you want the configurations to synchronize:

  • daily—Synchronizes the configuration every day at a specified time. Also configure the day and time commands. For example, Selecting 10:30 will synchronize the configurations every day at 10:30.
  • every—Synchronizes the configuration after an interval you set using the time command. For example, entering 05:00 for the time command will synchronize the configurations every five hours.
  • weekly—Synchronizes the configuration on a specific day and time. For example, selecting Sunday for day and 5:15 for time will synchronize the configurations every Sunday at 5:15.

No default.

day {Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday}

If auto-sync is enabled and the frequency is set to weekly, enter the day of the week on which you want the configurations to synchronize.

No default.

time "<hh:mm>"

Enter the time of day or interval at which the configurations will be synchronized:

  • daily—Sets the time of day at which the configurations will be synchronized.
  • every—Sets the interval at which the configurations will be synchronized.
  • weekly—Sets the time of day at which the configurations will be synchronized.

No default.

Related topics