- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sync between FG Main site and FG DR site in different locations
Dears,
I have two sites
1- Main site: 2 HA FG firewall.
2- DR site: 2 HA FG firewall.
How can I apply a cluster between two different sites to sync configuration?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Ireda1 ,
Currently you have two sites with FortiGate HA cluster running FGCP a-p in each site. I am not aware of your network infrastructure but you may not be able to synchronise the whole config between those two sites as I guess you have different IP subnets and routing paths.
You could implement FGSP between main and DR site and synchronise the sessions that you need:
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/668583/fgsp
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/215691/synchronizing-session...
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/796662/fgsp-fortigate-session...
You may also want to reach you SE or PS department so they can better advise you based on your current setup and config.
Best regards,
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for reply
I need to sync configuration
I have 2 sites, each site 2 FG HA, how can i sync configuration from Main site to DR
I did not need loadbalancer as you attached.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Ireda1 ,
Please bear in mind that I do not know in details your network configuration and setup and you can find a much better advice from your local SE or PS service. From my understanding to achieve what you are trying to achive, all members have to be in the same HA cluster, then you can play with HA member priorities between main and DR. I am still not sure if that is going to be feasible applied to your specific network infrastructure.
You may be interested in the following article explaining which settings will be sync'd in a FGCP HA cluster:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-FortiGate-configurations-that-will-sync...
Best regards,
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
