Hi all,
I'm trying to get FGSP working on a pair of 6.0.3 VM firewalls (ESX) - both with a 60 day eval license (not the 14 day trial). My objective is for configuration synchronisation.
I've started from factory fresh. The units are linked with a sync interface [port2] that's configured as promiscuous in VMware and I've enabled VDOM mode on both firewalls. I've configured IPs of 10.10.10.1/24 and 10.10.10.2/24 on port2 (much as per the documentation example) and can ping between.
My config on unit 1 is:
    config global
        config system interface
            edit "port2"
                set vdom "root"
                set ip 10.10.10.1 255.255.255.0
                set allowaccess ping
                set type physical
            next
        end
        config system cluster-sync
            edit 1
                set peerip 10.10.10.2
                set syncvd "vdom_1"
            next
        end
        config system ha
            set standalone-config-sync enable
            set override disable
            set priority 250
        end
    end
The config on unit 2 is much the same, but with the IPs swapped around (10.10.10.2/24 on port2 and peerip 10.10.10.1), and without a ha priority (default of 128).
I've made a few other minor config changes (timezone, admintimeout, hostname, root vdom admin interface address and static route, activate license), but otherwise the config is fairly fresh.
Rebooted the units, ran a 'diag sys session sync' to verify "sync_started=1".
However, whenever I make a change to the FW policy, or address objects on unit 1, it doesn't get sync'd to unit 2. Nor vice versa (I checked just to make sure).
Has anyone got this working? Any advice / diagnostic commands? Documentation around config sync diagnostics seems a bit light :(
Rich