- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HA checksum
I learned about the ha checksum on Fortinet , the "link".
some of the contents as follow :
The following command output is for the primary unit of a cluster that does not have multiple VDOMs enabled:
diagnose sys ha checksum showis_manage_master()=1, is_root_master()=1debugzoneglobal: a0 7f a7 ff ac 00 d5 b6 82 37 cc 13 3e 0b 9b 77root: 43 72 47 68 7b da 81 17 c8 f5 10 dd fd 6b e9 57all: c5 90 ed 22 24 3e 96 06 44 35 b6 63 7c 84 88 d5 checksumglobal: a0 7f a7 ff ac 00 d5 b6 82 37 cc 13 3e 0b 9b 77root: 43 72 47 68 7b da 81 17 c8 f5 10 dd fd 6b e9 57all: c5 90 ed 22 24 3e 96 06 44 35 b6 63 7c 84 88 d5The following command output is for a subordinate unit of the same cluster:
diagnose sys ha checksum showis_manage_master()=0, is_root_master()=0debugzoneglobal: a0 7f a7 ff ac 00 d5 b6 82 37 cc 13 3e 0b 9b 77root: 43 72 47 68 7b da 81 17 c8 f5 10 dd fd 6b e9 57all: c5 90 ed 22 24 3e 96 06 44 35 b6 63 7c 84 88 d5 checksumglobal: a0 7f a7 ff ac 00 d5 b6 82 37 cc 13 3e 0b 9b 77root: 43 72 47 68 7b da 81 17 c8 f5 10 dd fd 6b e9 57all: c5 90 ed 22 24 3e 96 06 44 35 b6 63 7c 84 88 d5 1.Does anyone know that what is the meaning of 「global、root、all」?2.If I have 2 fortigates, steup for ha, but the checksum mismatch on the root and all line, what does it mean?Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know it has been a while, but i just came across your question.
The global is all global configuration on the firewall (admin profiles, users, fortiguard etc)
The root is all the settings related tot he root vdom, (interfaces, policies, address objects, security profiles, etc)
The all is a combination of the global and root (and any other vdoms you may add). This is a checksum for the overall config.
If the root checksum does not match, and therefore the all checksum will not match, you have a configuration that did not sync. Here is a good article that talks about how to drill down through the different modules to find where the problem is and how to force a resync.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36176
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know it has been a while, but i just came across your question.
The global is all global configuration on the firewall (admin profiles, users, fortiguard etc)
The root is all the settings related tot he root vdom, (interfaces, policies, address objects, security profiles, etc)
The all is a combination of the global and root (and any other vdoms you may add). This is a checksum for the overall config.
If the root checksum does not match, and therefore the all checksum will not match, you have a configuration that did not sync. Here is a good article that talks about how to drill down through the different modules to find where the problem is and how to force a resync.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36176
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gdifiore wrote:Thank you for your reply!I know it has been a while, but i just came across your question.
The global is all global configuration on the firewall (admin profiles, users, fortiguard etc)
The root is all the settings related tot he root vdom, (interfaces, policies, address objects, security profiles, etc)
The all is a combination of the global and root (and any other vdoms you may add). This is a checksum for the overall config.
If the root checksum does not match, and therefore the all checksum will not match, you have a configuration that did not sync. Here is a good article that talks about how to drill down through the different modules to find where the problem is and how to force a resync.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36176
