Hello,
I searched to find out how the Fortigate HA secondary device communicates with and updates the Fortiguard server, but couldn't find a clear answer.
A Fortigate HA cluster uses one VIP and its ARP is maintained by the master device.
So, is it correct that the auxiliary device receives update information through the heartbeat interface?
I would like to know the logic behind Fortigate HA Cluster updating Fortiguard information.
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Your understanding is correct, only the Primary device connects with Fortiguard and updates the database. Secondary node syncs these db files with Primary node via the HA/Hearbeat link.
If for any reason the sync fails, you will see alerts as below.
secondary's external files are not in sync with the primary's,sequence:1. (type IDS)
secondary's external files are not in sync with the primary's,sequence:3. (type CERT_CA)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1546 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.