You can use that feature but that is not related to FGSP as also explained in the guide:
standalone-config-sync is an independent feature and should be used with caution as there are some limitations. We recommend disabling it once the configurations have been synced over.
Hello Ali
I managed to set it up on 7.0.13 and it worked as expected; I mean the policies synchronized successfully from FG1 to FG2. Just try to redo the config below on your installation. If it doesn't work, I'd suspect FOS 7.4.2.
Here is the full configuration I did (note there is no FGSP config here).
FG1:
config system ha
    set group-id 10
    set group-name "FG"
    set hbdev "port2" 50
    set standalone-config-sync enable
    set priority 200
end
FG2:
config system ha
    set group-id 10
    set group-name "FG"
    set hbdev "port2" 50
    set standalone-config-sync enable
    set priority 100
end
As you can see below, the cluster status shows node B joined the cluster, and this is what you need to check on your installation (there is no FGSP here).
FG1 # get sys ha status
HA Health Status: OK
Model: FortiGate-VM64-KVM
Mode: ConfigSync
Group: 10
Debug: 0
Cluster Uptime: 0 days 0:8:48
Cluster state change time: 2024-02-06 08:36:13
Primary selected using:
<2024/02/06 08:36:13> FGVMEV5DN9SOIME9 is selected as the primary because its override priority is larger than peer member FGVMEVKZMA6TQOF4.
ses_pickup: disable
override: disable
Configuration Status:
FGVMEV5DN9SOIME9(updated 2 seconds ago): in-sync
FGVMEVKZMA6TQOF4(updated 2 seconds ago): in-sync
System Usage stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
sessions=5, average-cpu-user/nice/system/idle=2%/0%/0%/98%, memory=22%
FGVMEVKZMA6TQOF4(updated 2 seconds ago):
sessions=1, average-cpu-user/nice/system/idle=0%/0%/1%/99%, memory=23%
HBDEV stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1217803/3891/0/0, tx=1467229/3206/0/0
FGVMEVKZMA6TQOF4(updated 2 seconds ago):
port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1506859/3975/0/0, tx=1178015/3150/0/0
Primary : FG1 , FGVMEV5DN9SOIME9, HA cluster index = 1
Secondary : FG2 , FGVMEVKZMA6TQOF4, HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Primary: FGVMEV5DN9SOIME9, HA operating index = 0
Secondary: FGVMEVKZMA6TQOF4, HA operating index = 1
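The status check described in the post above can be scripted. The following is an added example, not part of the original posts and not Fortinet code: it parses saved `get sys ha status` output and reports any member that is not in-sync or whose heartbeat link is not up. The function name, the `out-of-sync` and `down` values in the sample, and the sample itself are constructed for illustration.

```python
import re

# Matches "SERIAL(updated N seconds ago): [state]" member lines.
MEMBER = re.compile(r"^(\S+)\(updated [^)]*\):\s*(\S*)$")
# Matches "port2: physical/10000full, up, rx-bytes/..." heartbeat lines.
HBDEV = re.compile(r"^(\S+): [^,]+, (\w+),")

def check_config_sync(text, expected_members=2):
    """Return a list of problems; an empty list means every check passed."""
    mode = section = member = None
    sync, links = {}, {}
    for line in (l.strip() for l in text.splitlines()):
        m = MEMBER.match(line)
        if m:
            member = m.group(1)
            if section == "Configuration Status":
                sync[member] = m.group(2)
        elif line.endswith(":"):          # section header such as "HBDEV stats:"
            section, member = line[:-1], None
        elif line.startswith("Mode:"):
            mode = line.split(":", 1)[1].strip()
        elif section == "HBDEV stats" and member and (h := HBDEV.match(line)):
            links[(member, h.group(1))] = h.group(2)
    problems = []
    if mode != "ConfigSync":
        problems.append(f"mode is {mode!r}, expected 'ConfigSync'")
    if len(sync) < expected_members:
        problems.append(f"{len(sync)} of {expected_members} members listed")
    problems += [f"{sn}: config {st}" for sn, st in sync.items() if st != "in-sync"]
    problems += [f"{sn}: heartbeat {port} {st}"
                 for (sn, port), st in links.items() if st != "up"]
    return problems

# Constructed sample: abridged from the output in the post above, with the
# second member changed to out-of-sync and its heartbeat link changed to down.
SAMPLE = """\
Mode: ConfigSync
Configuration Status:
FGVMEV5DN9SOIME9(updated 2 seconds ago): in-sync
FGVMEVKZMA6TQOF4(updated 2 seconds ago): out-of-sync
HBDEV stats:
FGVMEV5DN9SOIME9(updated 2 seconds ago):
port2: physical/10000full, up, rx-bytes/packets/dropped/errors=1217803/3891/0/0, tx=1467229/3206/0/0
FGVMEVKZMA6TQOF4(updated 2 seconds ago):
port2: physical/10000full, down, rx-bytes/packets/dropped/errors=1506859/3975/0/0, tx=1178015/3150/0/0
"""

if __name__ == "__main__":
    for p in check_config_sync(SAMPLE):
        print("FAIL:", p)
```

Run against the unmodified output shown in the post, the function returns an empty list.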
Created on 02-07-2024 01:04 AM Edited on 04-23-2024 12:31 AM
Delete it please
Hi Ali
I did a lab with 2 VMs; each has only 2 interfaces, port1 for traffic and port2 for config sync (or HA if you want).
But it doesn't really matter; I think I can even use only port1, as they are on the same VLAN.
Copyright 2024 Fortinet, Inc. All Rights Reserved.