Clarify the FTD HA Configuration State "Sync Skipped" in "show failover state" Output

Available Languages

Download Options

  • PDF     (24.6 KB)
    View with Adobe Reader on a variety of devices
Updated:June 5, 2026
Document ID:226013

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

A Firewall Threat Defense (FTD) High Availability (HA) pair displays the configuration state as "Sync Skipped" instead of the expected "Sync Done" status. This condition appears on both units in the HA pair and raises concerns about whether the configuration synchronization between the active and standby units is functioning properly.

Example (FTD active unit):

device# show failover state 
               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         None
Other host -   Secondary
               Standby Ready  Comm Failure             16:10:34 UTC Apr 13 2026

====Configuration State===
        Sync Skipped
====Communication State===
        Mac set

Example (FTD standby unit):

device# show failover state
               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Standby Ready  Ifc Failure              15:17:58 UTC Apr 13 2026
                              management: No Link
Other host -   Primary
               Active         Comm Failure             16:10:34 UTC Apr 13 2026

====Configuration State===
        Sync Skipped - STANDBY
====Communication State===
        Mac set

Environment

  • FTD 7.6.4. Other software versions are also affected.

  • FTD in Active/Standby HA deployment.

Resolution

The "Sync Skipped" status does not indicate an error condition.

The table provides a list of the various configuration states and a brief explanation:

Configuration State String

Explanation

Sync Skipped

Active unit detected that running config hashes match between active and standby, so no config sync is needed. Both units already have identical configurations.

Sync Skipped - STANDBY

Perspective from standby unit of the matching config condition; both units confirmed they have identical configurations.

Sync Required

A configuration sync is necessary but has not yet started. Shown when the standby unit first joins the HA pair and the active unit has not yet determined whether the configs match, or when a config mismatch has been detected.

Interface config Syncing

Active unit is in the process of sending VLAN and interface-specific configuration to the standby unit.

Interface config Syncing - STANDBY

Standby unit is receiving and processing VLAN and interface-specific configuration from the active unit.

Config Syncing

Active unit is actively streaming the full running configuration bulk data to the standby unit.

Config Syncing - STANDBY

Standby unit is actively receiving and replaying/applying the full configuration data streamed from the active unit.

Sync Done

Active unit successfully sent the complete configuration and received acknowledgment from the standby.

Sync Done - STANDBY

Standby unit finished receiving, parsing, and applying all configuration commands from the active unit.

Ready for Config Sync

The standby unit has signaled back that it is ready to receive configuration. The active unit is now waiting to start sending the full configuration over to the standby.

Related Verification Commands


You can use these commands to monitor the configuration sync optimization:

device# show failover config-sync checksum 
My State: Active
Config Hash: eaec2c0e8f2176394bc74771bdf5779d
device# show failover config-sync status   
Config Sync Optimization is enabled
device# show failover config-sync configuration
My State: Active
device# show failover config-sync stats all
Current HA state          : Active
Config sync skipped
FREP_CMD sender count         : 26
device# show failover config-sync errors all
        No observed config execution failures.
device# show failover config-sync errors current
        No observed config execution failures.
note-icon

Note: The Configuration State in "show failover state" command displays the config sync state status when an active FTD peer is detected. This state does not reflect the later config deployments or changes, and replication on device until a sync check has been initiated.

Cause

The "Sync Skipped" status is typically the result of configuration sync optimization functionality in FTD. This feature enables the system to compare configuration hash values between the active device and the joining device. When the hash values computed on both devices match, the joining device skips full configuration synchronization and rejoins the failover configuration directly. This optimization ensures faster HA peering, decreases FTD HA upgrade times, and reduces the duration of a maintenance window. The "Sync Skipped" message indicates that this optimization process has determined no full synchronization is necessary, which is normal behavior when configurations are already in sync.

Related Content

Revision History

Revision Publish Date Comments
1.0
05-Jun-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Mikis Zafeiroudis
    Cisco TAC Engineer
  • Ilkin Gasimov
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products