AliAllafzadeh
New Contributor III

Delete it please

 


13 REPLIES
ebilcari

You can use that feature but that is not related to FGSP as also explained in the guide: 

standalone-config-sync is an independent feature and should be used with caution as there are some limitations. We recommend disabling it once the configurations have been synced over.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
AEK
SuperUser

Hello Ali

I managed to set it up on 7.0.13 and it worked as expected; I mean policies synchronized successfully from FG1 to FG2. Just try to redo the below config on your installation. If it doesn't work I'd suspect FOS 7.4.2.

Here is the full configuration I did (note there is no FGSP config here).

FG1:
config system ha
    set group-id 10
    set group-name "FG"
    set hbdev "port2" 50
    set standalone-config-sync enable
    set priority 200
end

FG2:
config system ha
    set group-id 10
    set group-name "FG"
    set hbdev "port2" 50
    set standalone-config-sync enable
    set priority 100
end

 

As you can see below, the cluster status shows node B joined the cluster, and this is what you need to check on your installation (there is no FGSP here).

FG1 # get sys ha status
HA Health Status: OK
Model: FortiGate-VM64-KVM
Mode: ConfigSync
Group: 10
Debug: 0
Cluster Uptime: 0 days 0:8:48
Cluster state change time: 2024-02-06 08:36:13
Primary selected using:
<2024/02/06 08:36:13> FGVMEV5DN9SOIME9 is selected as the primary because its override priority is larger than peer member FGVMEVKZMA6TQOF4.
ses_pickup: disable
override: disable
Configuration Status:
FGVMEV5DN9SOIME9(updated 2 seconds ago): in-sync
FGVMEVKZMA6TQOF4(updated 2 seconds ago): in-sync
System Usage stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
sessions=5, average-cpu-user/nice/system/idle=2%/0%/0%/98%, memory=22%
FGVMEVKZMA6TQOF4(updated 2 seconds ago):
sessions=1, average-cpu-user/nice/system/idle=0%/0%/1%/99%, memory=23%
HBDEV stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1217803/3891/0/0, tx=1467229/3206/0/0
FGVMEVKZMA6TQOF4(updated 2 seconds ago):
port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1506859/3975/0/0, tx=1178015/3150/0/0
Primary : FG1 , FGVMEV5DN9SOIME9, HA cluster index = 1
Secondary : FG2 , FGVMEVKZMA6TQOF4, HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Primary: FGVMEV5DN9SOIME9, HA operating index = 0
Secondary: FGVMEVKZMA6TQOF4, HA operating index = 1

 

AEK
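
The check described in the post above (peer joined, mode ConfigSync, every member in-sync) can be automated against saved `get sys ha status` output. This is an added example, not part of the original post or Fortinet's tooling; the function names are hypothetical, the sample is constructed from the output shown above, and the parser assumes that layout.

```python
import re

# Constructed sample: abbreviated `get sys ha status` output in the shape shown above.
SAMPLE = """\
HA Health Status: OK
Mode: ConfigSync
Configuration Status:
FGVMEV5DN9SOIME9(updated 2 seconds ago): in-sync
FGVMEVKZMA6TQOF4(updated 2 seconds ago): in-sync
System Usage stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
"""

# A member line in the Configuration Status section: "<serial>(updated ...): <state>"
MEMBER = re.compile(r"^(\S+)\(updated .*?\):\s*(\S+)\s*$")

def parse_ha_status(text):
    """Extract top-level fields and the per-member Configuration Status section."""
    fields, sync, in_cfg = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Configuration Status:":
            in_cfg = True
            continue
        if in_cfg:
            m = MEMBER.match(line)
            if m:
                sync[m.group(1)] = m.group(2)
                continue
            in_cfg = False  # first non-member line closes the section
        key, sep, value = line.partition(":")
        if sep and key.strip() in ("HA Health Status", "Mode"):
            fields[key.strip()] = value.strip()
    return fields, sync

def check_config_sync(text, expected_members=2):
    """Return a list of problems; an empty list means the peer joined and is in sync."""
    fields, sync = parse_ha_status(text)
    problems = []
    if fields.get("HA Health Status") != "OK":
        problems.append("health is %r" % fields.get("HA Health Status"))
    if fields.get("Mode") != "ConfigSync":
        problems.append("mode is %r, expected ConfigSync" % fields.get("Mode"))
    if len(sync) < expected_members:
        problems.append("only %d member(s) listed, peer has not joined" % len(sync))
    problems += ["%s is %s" % (sn, st) for sn, st in sync.items() if st != "in-sync"]
    return problems

if __name__ == "__main__":
    print(check_config_sync(SAMPLE) or "config sync healthy")
```
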
AliAllafzadeh
New Contributor III

Delete it please

AEK

Hi Ali

I did a lab with 2 VMs, each has only 2 interfaces, port1 for traffic and port2 for config sync (or HA if you want).

But it doesn't really matter, I think I can even use only port1 as they are on the same VLAN.

AEK