A FortiAnalyzer high availability (HA) cluster provides the following features:
- Provide real-time redundancy in case a FortiAnalyzer primary unit fails. If the primary unit fails, another unit in the cluster is selected as the primary unit. See If the primary unit fails.
- Synchronize logs and data securely among multiple FortiAnalyzer units. System and configuration settings applicable to HA are also synchronized.
- Alleviate the load on the primary unit by using backup units for processes such as running reports.
A FortiAnalyzer HA cluster can have a maximum of four units: one primary unit with up to three backup units. All units in the cluster must be of the same FortiAnalyzer series. All units are visible on the network.
All units must run in the same operation mode: Analyzer or Collector. HA is not supported when FortiManager features are enabled.
Due to technical limitations, the current FortiAnalyzer HA implementation is not supported by some public cloud infrastructures, such as AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform, etc. FortiAnalyzer HA only functions under setups where VRRP is permitted.
When devices with different licenses are used to create an HA cluster, the license that allows for the smallest number of managed devices is used.