Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asavic
Staff
Staff

Created on ‎07-13-2021 07:50 AM Edited on ‎11-23-2021 07:46 AM By Anonymous

Article Id 191761

Technical Tip: NTP status on secondary unit in FGCP HA cluster showing as NTP not synchronized

Description
This article describes expected NTP status on HA backup unit when two FortiGates are in HA cluster (FGCP).

Solution
In case there are 2 units in HA cluster as below:

# config system ha
    set group-name "test"
    set mode a-p
    set hbdev "ha1" 50
    set password XXXXXXXXXXXX
end
# config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "port1"
end
FortiGate-primary # diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled

FortiGate-secondary # diagnose sys ntp status
HA master: no, HA master ip: 0.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=3
synchronized: no, ntpsync: enabled, server-mode: enabled

The fact that FortiGate-secondary is not in sync with NTP is expected behavior as it is not communicating with the NTP server.
Only HA primary unit will show status as synchronized.


Related Articles

Technical Tip: Troubleshoot NTP synchronization issue

4284
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.