Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ireda1
New Contributor II

Sync between FG Main site and FG DR site in different locations

Dears,

 

I have two sites

1- Main site: 2 HA FG firewall.

2- DR site: 2 HA FG firewall.

 

How can I apply a cluster between two different sites to sync configuration?

3 REPLIES 3
fricci_FTNT
Staff
Staff

Hi @Ireda1 ,

 

Currently you have two sites with FortiGate HA cluster running FGCP a-p in each site. I am not aware of your network infrastructure but you may not be able to synchronise the whole config between those two sites as I guess you have different IP subnets and routing paths.

You could implement FGSP between main and DR site and synchronise the sessions that you need:
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/668583/fgsp
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/215691/synchronizing-session...

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/913098/applying-the-session-...

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/796662/fgsp-fortigate-session...
You may also want to reach you SE or PS department so they can better advise you based on your current setup and config.

 

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Ireda1
New Contributor II

Thanks for reply

 

I need to sync configuration 

 

I have 2 sites, each site 2 FG HA, how can i sync configuration from Main site to DR

I did not need loadbalancer as you attached.

fricci_FTNT

Hi @Ireda1 ,

 

Please bear in mind that I do not know in details your network configuration and setup and you can find a much better advice from your local SE or PS service. From my understanding to achieve what you are trying to achive, all members have to be in the same HA cluster, then you can play with HA member priorities between main and DR. I am still not sure if that is going to be feasible applied to your specific network infrastructure.

You may be interested in the following article explaining which settings will be sync'd in a FGCP HA cluster:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-FortiGate-configurations-that-will-sync...


Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors