Fortinet 5.0 Patch 6 Configuration settings that are not synchronized by HA

Fortinet 42 FortiWeb 5.0 Patch 6 Administration Guide

to request volume, and therefore can change very rapidly. To minimize the performance

impact on an HA cluster, this data is not synchronized.

•SSL/TLS sessions — HTTPS connections are stateful in that they must be able to

remember states such as the security associations from the SSL/TLS handshake: the

mutually supported cipher suite, the agreed parameters, and any certificates involved.

Encryption and authentication in SSL/TLS cannot function without this. However, a new

primary FortiWeb’s lack of existing HTTPS session information is gracefully handled by

re-initializing the SSL/TLS session with the client.This does not impact to the encapsulated

HTTP application, has only an initial failover impact during re-negotiation, and therefore is

not synchronized.

•Log messages — These describe events that happened on that specific appliance. After a

failover, you may notice that there is a gap in the original active appliance’s log files that

corresponds to the period of its down time. Log messages created during the time when the

standby was acting as the active appliance (if you have configured local log storage) are

stored there, on the original standby appliance. For more information on configuring local log

storage, see “Configuring logging” on page 545.

•Generated reports — Like the log messages that they are based upon, PDF, HTML, RTF,

and plain text reports also describe events that happened on that specific appliance. As

such, report settings are synchronized, but report output is not. For information about this

feature, see “Reports” on page 586.

•Auto-learning data — Auto-learning is a resource-intensive feature. To minimize the

performance impact on an HA cluster, this data is not synchronized. For information about

this feature, see “Auto-learning” on page 151.