Description
This article describes expected NTP status on HA backup unit when two FortiGates are in HA cluster (FGCP).
Solution
In case there are 2 units in HA cluster as below:
# config system ha
set group-name "test"
set mode a-p
set hbdev "ha1" 50
set password XXXXXXXXXXXX
end
# config system ntp
set ntpsync enable
set server-mode enable
set interface "port1"
end
FortiGate-primary # diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled
FortiGate-secondary # diagnose sys ntp status
HA master: no, HA master ip: 0.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=3
synchronized: no, ntpsync: enabled, server-mode: enabled
The fact that FortiGate-secondary is not in sync with NTP is expected behavior as it is not communicating with the NTP server.
Only HA primary unit will show status as synchronized.
Related Articles
Technical Tip: Troubleshoot NTP synchronization issue
