管理 HA 组高可用性

同步簇配置

当运行于簇模式的时候,为了达到较好的效果,必须确保簇中的全部设备的配置始 终同步。您可以在主设备上对配置做修改,然后在 HA 簇中的每个附属设备上使用 execute ha synchronize 命令手工将它的配置和主设备的配置同步。您可以使用 这个命令同步如下内容:

 

表 17: execute ha synchronize 关键字

 

关键字

说明

 

 

 

 

config

同步 FortiGate 配置。包括规系统配置、防火墙配置、VPN 配置以及其他保

 

 

存在 FortiGate 配置文件中的内容。

 

 

 

 

avupd

同步主设备从 Forti 响应发布网络 (FDN)接的防病毒引和防病毒定义。

 

attackdef

同步主设备从 FDN 接的 NIDS 攻击定义更新。

 

weblists

同步主设备上添加或更改的网页过滤列表。

 

emaillists

同步主设备上添加或更改的电子邮件过滤列表。

 

resmsg

同步主设备上修改的替换信息。

 

ca

同步添加到主设备的 CA 证书。

 

localcert

同步主设备上的本地证书。

 

all

同步以上全部内容。

 

使用如下步骤在主设备上修改配置,然后同步附属设备的配置。

1

连接到簇并登录到基于 Web 的管理程序或 CLI。

2

根据需要修改配置。

3

连接到簇中的每个设备的 CLI。

 

要连接到附属设备,请见 第 71 页 单独管理簇中的设备

4

使用 execute ha synchronize 命令同步附属设备的配置。

 

对于 HA 簇中的每个设备重复步骤 3 4

返回独立模式配置

在 HA 簇中的每个 FortiGate 上都重复以下操作,即可返回到独立配置: 1 连接到基于 Web 的管理程序。

2 进入 系统 > 配置 > HA

3 选择 独立模式 ,然后单击 应用

现在 FortiGate 设备退出了 HA 模式 并返回到了 独立模式。

失效恢复后替换 FortiGate

失效 - 恢复 出现在软件或者硬件有问题的情况下。当 失效 - 恢复出现时,您可以 尝试关闭失效的 FortiGate 的电源再打开它,重新启动这台 FortiGate。如果这个 FortiGate 能够正常地启动,它将重新加入到 HA 组中并正常工作。如果 FortiGate 没 能正常启动或者无法重新加入 HA 组中,您必须把它从网络中取出,更换它或者重新配 置它。

72

美国飞塔有限公司

Page 84
Image 84
Fortinet 500 manual 同步簇配置, 返回到独立模式配置, 在失效恢复后替换 FortiGate, 要连接到附属设备,请见 第 71 页 单独管理簇中的设备 。, 进入 系统 配置 Ha。

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.