Fortinet white logo
Fortinet white logo

CLI Reference

ha synchronize

ha synchronize

Use this command to manually control the synchronization of configuration files and FortiGuard service-related packages from the active HA appliance to the standby appliance.

Typically, most HA synchronization happens automatically, whenever changes are made. However, in some cases, you may want to use this command to manually initiate full or partial HA synchronization, including to

  • Delay synchronization to a more convenient time if you are planning to make large batch changes, and therefore delayed synchronization is preferable for network performance reasons
  • Manually force synchronization of files that are not automatically synchronized
  • Trigger automatic synchronization if it has been interrupted due to HA link failure, daemon crashes, etc.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

execute ha synchronize {all | avupd | cli | geodb | sys}

Variable Description Default

synchronize {all | avupd | cli | geodb | sys}

Select which part of the configuration and/or FortiGuard service-related packages to synchronize.

  • all—Entire configuration, including CLI configuration, system files, and signature databases.

  • avupd—Only the FortiGuard Antivirus service package, including the virus signatures, scan engine, and proxy.

  • cli—Only the core CLI configuration file (FortiWeb_system.conf). You can use the show command to view the contents of the configuration file.

  • geodb—Only the geography-to-IP address mappings. Similar to firmware, these can be downloaded from the Fortinet Customer Service & Support website:

    HTTPS://support.fortinet.com

  • sys—Only the IP Reputation Database (IRDB) and system files such as X.509 certificates.

Note: This command has no effect if you use the command execute ha synchronize stop to pause it manually.

No default.

Example

This example shows how to manually synchronize the virus signature and engine package to the standby appliance.

FortiWeb # execute ha synchronize avupd

starting synchronize with HA primary...

Related topics

ha synchronize

ha synchronize

Use this command to manually control the synchronization of configuration files and FortiGuard service-related packages from the active HA appliance to the standby appliance.

Typically, most HA synchronization happens automatically, whenever changes are made. However, in some cases, you may want to use this command to manually initiate full or partial HA synchronization, including to

  • Delay synchronization to a more convenient time if you are planning to make large batch changes, and therefore delayed synchronization is preferable for network performance reasons
  • Manually force synchronization of files that are not automatically synchronized
  • Trigger automatic synchronization if it has been interrupted due to HA link failure, daemon crashes, etc.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

execute ha synchronize {all | avupd | cli | geodb | sys}

Variable Description Default

synchronize {all | avupd | cli | geodb | sys}

Select which part of the configuration and/or FortiGuard service-related packages to synchronize.

  • all—Entire configuration, including CLI configuration, system files, and signature databases.

  • avupd—Only the FortiGuard Antivirus service package, including the virus signatures, scan engine, and proxy.

  • cli—Only the core CLI configuration file (FortiWeb_system.conf). You can use the show command to view the contents of the configuration file.

  • geodb—Only the geography-to-IP address mappings. Similar to firmware, these can be downloaded from the Fortinet Customer Service & Support website:

    HTTPS://support.fortinet.com

  • sys—Only the IP Reputation Database (IRDB) and system files such as X.509 certificates.

Note: This command has no effect if you use the command execute ha synchronize stop to pause it manually.

No default.

Example

This example shows how to manually synchronize the virus signature and engine package to the standby appliance.

FortiWeb # execute ha synchronize avupd

starting synchronize with HA primary...

Related topics