Description
FortiManager HA synchronization happens in two ways: full sync (when the cluster is created) and delta sync, when some modifications are made on the primary FortiManager and need to be sent to the secondary units.
The delta sync creates temporary revision files containing the config change, which are then send over the network to the secondary units.
If for some reason, the transfer speed is lower than the file creation rate, these revision files would start queuing up on the hard disk of the primary node.
Solution
'File Quota' is defining the maximum disk space for this queue, in order to prevent it from filling up the entire disk.
This setting can be changed only on the primary unit and is synced to the secondary nodes.
The default value is 4096 MB (4 GB) and can be configured between 2048 MB (2 GB) and 20480 MB (20 GB).
To configure via CLI:
However, some FortiManager deployments may benefit from increasing this setting in order to avoid HA sync issues.
For example in case of a limited bandwidth link between the cluster nodes.
When the quota limit is reached, the queue is reset and the sync process starts over.
An event log is generated reporting that the quota is reached.
The following CLI debug can be used to view the total size of the pending files:
Normally the output should show 0 bytes pending or some megabytes right after a config change and ongoing delta sync:
FortiManager HA synchronization happens in two ways: full sync (when the cluster is created) and delta sync, when some modifications are made on the primary FortiManager and need to be sent to the secondary units.
The delta sync creates temporary revision files containing the config change, which are then send over the network to the secondary units.
If for some reason, the transfer speed is lower than the file creation rate, these revision files would start queuing up on the hard disk of the primary node.
Solution
'File Quota' is defining the maximum disk space for this queue, in order to prevent it from filling up the entire disk.
This setting can be changed only on the primary unit and is synced to the secondary nodes.
The default value is 4096 MB (4 GB) and can be configured between 2048 MB (2 GB) and 20480 MB (20 GB).
# config system haThe default 4 GB quota should be enough in most cases.
set file-quota <value>
end
However, some FortiManager deployments may benefit from increasing this setting in order to avoid HA sync issues.
For example in case of a limited bandwidth link between the cluster nodes.
When the quota limit is reached, the queue is reset and the sync process starts over.
An event log is generated reporting that the quota is reached.
The following CLI debug can be used to view the total size of the pending files:
Normally the output should show 0 bytes pending or some megabytes right after a config change and ongoing delta sync:
FMG-VM64-Primary # diag ha statsConsider increasing 'File Quota' if this value is frequently reaching the limit and causing temporary cluster down status:
===== HA Statistics =====
cluster status: up
--- cluster member information ---
ip : 192.168.1.68
serial number : FMG-VM0A10-----2
hostname : FMG-VM64-Secondary
role : slave
status : up
total sync'ed data(bytes) : 7735559882
pending sync'ed data(bytes) : 0
slave down alert : off
slave re-join alert : off
last error :
FMG-VM64-Primary # diag ha statsIf the pending value is continuously reaching or staying at the limit, even though 'File Quota' is set at the maximum 20480 MB, contact Fortinet Technical Support for further investigation.
===== HA Statistics =====
cluster status: down
--- cluster member information ---
ip : 192.168.1.68
serial number : FMG-VM0A10-----2
hostname : FMG-VM64-Secondary
role : slave
status : synchronizing
total sync'ed data(bytes) : 3027951943
pending sync'ed data(bytes) : 4294967296
slave down alert : off
slave re-join alert : off
last error :
