FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes the issue where entitlement status is not replicated to secondary FortiManager devices in a High Availability cluster. It explains the cause of the issue and provides a solution to ensure that entitlement files are synchronized across all cluster members.
Scope
FortiManager.
Solution
Entitlement files are not synced across FortiManager High Availability cluster members by default. The FortiGuard module is configured on each cluster member separately, and the entitlement file needs to be uploaded on each device individually.
To resolve the issue of entitlement status not being replicated to secondary FortiManager devices, follow these steps:
Make sure that each FortiManager device in the High Availability cluster has the entitlement file uploaded separately.
Go to System -> FortiGuard -> Service Status and verify that the entitlement status is updated on each device. The command diagnose fmupdate dbcontract may also be used to review whether the entitlement file upload was successful and the command diagnose fmupdate fds-dump subs to display all the entitlement information for the loaded entitlement file.
Note: Both CLI commands are available in FortiManager version 7.0.4 GA, 7.2.1 GA and above.
