Fortinet 5.0 Patch 6 Data that is not synchronized by HA

Fortinet 41 FortiWeb 5.0 Patch 6 Administration Guide

Failover is triggered by any interruption to either the heartbeat or a port monitored network

interface whose length of time exceeds your configured limits (Detection Interval x Heartbeat

Lost Threshold). When the active (“main”) appliance becomes unresponsive, the standby

appliance:

1. Notifies the network via ARP that the network interface IP addresses (including the IP

address of the bridge, if any) are now associated with its virtual MAC addresses

2. Assumes the role of the active appliance and scans network traffic

To keep the standby appliance ready in case of a failover, HA pairs also use the heartbeat link to

automatically synchronize most of their configuration. Synchronization includes:

• core CLI-style configuration file (fwb_system.conf)

• X.509 certificates, certificate request files (CSR), and private keys

• HTTP error pages

• FortiGuard IRIS Service database

• FortiGuard Security Service files (attack signatures, predefined data types & suspicious

URLs, known web crawlers & content scrapers, global white list, vulnerability scan

signatures)

• Geography-to-IP database

and occurs immediately when an appliance joins the cluster, and thereafter every 30 seconds.

Although they are not automatically synchronized for performance reasons due to large size and

frequent updates, you can manually force HA to synchronize FortiGuard Antivirus signatures.

For instructions, see execute ha synchronize in the FortiWeb CLI Reference. For a list of

settings and data that are not synchronized, see “Data that is not synchronized by HA” and

“Configuration settings that are not synchronized by HA”.