lanmanjs
New Contributor

Policy Push to Multiple Firewalls

I have a question. I have a cluster of firewalls (4) that should all get the same Policy during an install of it. However, there are times when I will see one or two of the systems in the cluster come back and state 'there are no commands to send' but the rest are fine. There are other times that all four get the policy, as it should, each time it gets installed. Can anyone tell me why this is? Why will it send any changes made to the policy to all of the systems one time and at other times one or two of them are 'exempted' (for lack of a better term)? Also, once the policy is installed, any subsequent pushes that would include the exempted system(s) from before do NOT get the changes later, so the policies are not exact (in case of failover).

 

Thank you for any response.

orani
Contributor II

In the HA configuration, it is best to have the firewall with the lowest serial number as the active unit. Then try to cancel any HA configuration you have. Keep only one FGT working. Then factory-default the remaining 3 FGTs. When you are done, re-configure the HA. If you do it the right way, then all your firewalls should have the same exact config. Also, how did you connect the heartbeat interfaces on each FGT?

Orestis Nikolaidis

Network Engineer/IT Administrator
