asavic
Staff

Description
This article describes the expected NTP status on the HA backup unit when two FortiGates are in an HA cluster (FGCP).

Solution
Consider two units in an HA cluster configured as follows:

# config system ha
    set group-name "test"
    set mode a-p
    set hbdev "ha1" 50
    set password XXXXXXXXXXXX
end

# config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "port1"
end

FortiGate-primary # diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled

FortiGate-secondary # diagnose sys ntp status
HA master: no, HA master ip: 0.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=3
synchronized: no, ntpsync: enabled, server-mode: enabled

FortiGate-secondary showing 'synchronized: no' is expected behavior, as it is not communicating with the NTP server.
Only the HA primary unit will show its status as synchronized.
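
As an added example (not from the original article or from Fortinet), a monitoring check can parse the output above and alert on 'synchronized: no' only when the unit is not the HA secondary, so the expected state on the backup unit does not produce a false alarm. The function names and status labels are hypothetical, and treating any unit that does not report 'HA master: no' as one that must be synchronized is an assumption.

```python
import re

# Output copied from the two `diagnose sys ntp status` runs shown in the article.
PRIMARY = """\
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=1
synchronized: yes, ntpsync: enabled, server-mode: enabled
"""
SECONDARY = """\
HA master: no, HA master ip: 0.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=3
synchronized: no, ntpsync: enabled, server-mode: enabled
"""

# The output mixes "key: value" and "key=value" pairs, separated by commas or spaces.
FIELD = re.compile(r"([A-Za-z_][A-Za-z_ -]*?)\s*[:=]\s*([^\s,]+)")


def parse_ntp_status(text):
    """Return the fields of `diagnose sys ntp status` as a lower-cased dict."""
    return {key.strip().lower(): value.lower() for key, value in FIELD.findall(text)}


def assess_ntp(text):
    """Classify one unit's NTP status (labels are hypothetical, for this example)."""
    status = parse_ntp_status(text)
    if status.get("ntpsync") != "enabled":
        return "ntpsync-disabled"
    if status.get("synchronized") == "yes":
        return "ok"
    # Not synchronized. Per the article this is expected on the HA secondary,
    # which does not communicate with the NTP server.
    if status.get("ha master") == "no":
        return "expected-on-secondary"
    # Assumption: every other unit (HA primary, or role unknown) should be in sync.
    return "alert"


if __name__ == "__main__":
    for name, output in (("FortiGate-primary", PRIMARY), ("FortiGate-secondary", SECONDARY)):
        print(name, assess_ntp(output))
```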



Related Articles

Technical Tip: Troubleshoot NTP synchronization issue
