Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
smartgate
New Contributor II

Created on ‎11-20-2023 09:36 PM

Fortigate HA Secondary device Fortiguard update

Hello,

I searched to find out how the Fortigate HA secondary device communicates with and updates the Fortiguard server, but couldn't find a clear answer.
A Fortigate HA cluster uses one VIP and its ARP is maintained by the master device.
So, is it correct that the auxiliary device receives update information through the heartbeat interface?
I would like to know the logic behind Fortigate HA Cluster updating Fortiguard information.

 

Thank you.

Labels:
924
0 Kudos
1 REPLY 1
srajeswaran
Staff
Staff

Created on ‎11-20-2023 09:57 PM

Your understanding is correct, only the Primary device connects with Fortiguard and updates the database. Secondary node syncs these db files with Primary node via the HA/Hearbeat link.
If for any reason the sync fails, you will see alerts as below.

secondary's external files are not in sync with the primary's,sequence:1. (type IDS)
secondary's external files are not in sync with the primary's,sequence:3. (type CERT_CA)

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
911
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.