10.4. Node/Firewall Synchronization

The configuration of the StandaloneNode, HAMemberNode or HAPair in InCenter should be synchronized with the configuration on the actual firewall or HA cluster firewalls.

After configuration changes are made in InCenter, this synchronization is automatically maintained following an activate and commit sequence, when the changes are both saved in InCenter and deployed to the firewall.

However, synchronization can be deliberately switched off by setting the IncludeInDeploy flag for a node to No. For example:

admin@InCenter:/> set HAMemberNode my-ha-member1 IncludeInDeploy=No

In this case, the InCenter configuration is updated after activate/commit but the firewall is not, so the firewall becomes out of sync. This is shown in the last line of the output from the status command, which contains the text "Out of sync", as in the example below:

admin@InCenter:/> status my-ha-member1
This node is an HA Master
Uptime: 63 days 10:04:56
HostKey: SHA256:Ruqn2YcxEmU0Kr+VuFAldELmgY8+lKCfisJ+RE
Config revision: Out of sync - local 21 (2018-07-03 10:56:12) / remote 20 (2018-06-27 14:51:10)
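
A drift check built on the status output above, as an added example that is not part of the InCenter documentation: it parses the "Config revision" line and reports how far the firewall lags behind the InCenter configuration. It assumes the status output has been captured as text; the name check_sync and the sample text are constructed here, and only the out-of-sync form shown on this page is recognized.

```python
import re
from datetime import datetime

# Constructed sample: the status output shown on this page (HostKey line
# omitted), with the "Config revision" line wrapped as in a captured session.
SAMPLE_STATUS = """\
This node is an HA Master
Uptime: 63 days 10:04:56
Config revision: Out of sync - local 21 (2018-07-03 10:56:12)
/ remote 20 (2018-06-27 14:51:10)
"""

# Matches only the out-of-sync form shown on the page.
_OUT_OF_SYNC = re.compile(
    r"Config revision:\s*Out of sync\s*-\s*"
    r"local\s+(?P<local>\d+)\s+\((?P<local_ts>[^)]+)\)\s*/\s*"
    r"remote\s+(?P<remote>\d+)\s+\((?P<remote_ts>[^)]+)\)"
)
_TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def check_sync(status_text):
    """Return drift details if the text reports "Out of sync", else None."""
    # Collapse line breaks so a wrapped "Config revision" line still matches.
    flat = " ".join(status_text.split())
    m = _OUT_OF_SYNC.search(flat)
    if m is None:
        if "Out of sync" in flat:
            # Drift is reported but the layout is unfamiliar: fail loudly
            # rather than silently treating the node as synchronized.
            raise ValueError("'Out of sync' present but revisions not parsed")
        return None
    local_ts = datetime.strptime(m["local_ts"], _TS_FORMAT)
    remote_ts = datetime.strptime(m["remote_ts"], _TS_FORMAT)
    return {
        "local_revision": int(m["local"]),    # revision saved in InCenter
        "remote_revision": int(m["remote"]),  # revision on the firewall
        "revisions_behind": int(m["local"]) - int(m["remote"]),
        "revision_time_gap": local_ts - remote_ts,
    }


if __name__ == "__main__":
    drift = check_sync(SAMPLE_STATUS)
    if drift:
        print("OUT OF SYNC: firewall at revision {remote_revision}, "
              "InCenter at {local_revision}".format(**drift))
```

A node left with IncludeInDeploy=No keeps running its older revision, so a check like this can be run across all nodes to find firewalls that have not received later policy changes.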

The principal use case for switching off synchronization is when one of the members of an HA cluster has failed. In this case, InCenter needs to be directed to deploy changes only to the working firewall in the cluster; otherwise the deployment will fail.

If the IncludeInDeploy property is changed from No to Yes then the firewall can be synchronized in the following ways: