Description
This article describes expected NTP status on HA backup unit when two FortiGates are in HA cluster (FGCP).
Solution
In case there are 2 units in HA cluster as below:
# config system ha
set group-name "test"
set mode a-p
set hbdev "ha1" 50
set password XXXXXXXXXXXX
end
# config system ntp
set ntpsync enable
set server-mode enable
set interface "port1"
end
FortiGate-primary # diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled
FortiGate-secondary # diagnose sys ntp status
HA master: no, HA master ip: 0.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=3
synchronized: no, ntpsync: enabled, server-mode: enabled
The fact that FortiGate-secondary is not in sync with NTP is expected behavior as it is not communicating with the NTP server.
Only HA primary unit will show status as synchronized.
Related Articles