Copy Configuration As HA Synchronisation

Instead of doing HA synchronization (e.g active-passive with priority)

Can I download the configuration from the primary FW, and then restore it into the secondary firewall?

I only change the hostname.

Then will they auto sync with each other?


Your statement is self-conflicting. If you want to the pair to "auto sync" each other, you need to configure HA like active-passive. The priority is optional and one of them becomes the primary based on the conditions at that time.


If you're instead talking about how to let the secondary sync up at the first time in a-p HA, the most of the config between primary and secondary is identical. You can download the config from the primary, and change only the hostname, management interface(s), and HA config, (see the KB then upload it to the secondary before connecting all cables to the secondary. Then you can hook up the HA cable(s) between them. Just make sure you power-up the primary first and have it running much longer than the secondary if you don't use priority/override. 




If there is currently no HA configuration on your primary firewall you can certainly backup and restore this configuration into your secondary unit. From here you can change the hostname and configure the necessary HA configuration on both firewalls and they should find each other then negotiate and create a cluster.


To ensure the HA syncs properly you will want to make sure both FortiGates in the cluster are the same model and have the same firmware installed. Take a look at the FGCP section in the Administrative Guide which will give more details on how the FortiGate synchronizing the configuration, what is and isn't included etc. 

FGCP | FortiGate / FortiOS 7.4.0 (

Let me know how it goes. 





