FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description From '# diagnose load-balance status' if any blade are stuck at 'waiting for configuration sync' status or from '# diagnose sys configsync status' if in_sync=0, then it means that there is a config mismatch.
This article describes how to find the config difference between FPCs/FPMs/MBD within the chassis or between the chassis using '# diagnose sys confsync diffscum' command.
Scope For FortiGate 6000-7000 series, applicable from v6.0.8 and above.
Solution On FortiGate-6000 series from global, For example.
1) To Compare the config difference between FPC03(slot3) and the MBD with in the chassis.
- Above text shows the root vdom checksum is different between FPC3 and MBD.
2) Use the following syntax to drill down to find the config difference.
- Above text shows dnsfilter.profile checksum in the root VDOM is different between FPC03 and MBD.
- This explains default dnsfilter profile config is missing in FPC03. You can manually compare the config under root vdom by using CLI 'sudo root show dnsfilter profile' on both FPC03 and MBD. You can fix this either by adding the missing config on the FPC03 or removing the config on MBD to match the FPC03’s config.
- It is also possible to use this command to find the difference in config between the chassis as well by adding the chassis id and the FPC number.
Example. If the current chassis ID that logged in is 1 and to compare the config difference of Chassis 2 FPC3 from Chassis 1 MBD below is the command and follow the same steps are before.