Fortinet black logo

Cookbook

Setting up a FortiAnalyzer HA cluster

6.2.0
Copy Link
Copy Doc ID 8ee8a6b6-7281-11e9-81a4-00505692583a:266391
Download PDF

Setting up a FortiAnalyzer HA cluster

You can configure two or more FortiAnalyzer units in a High Availability (HA) cluster to provide real-time redundancy in case a primary unit fails. High Availability clusters also alleviate the load on the primary unit by using backup units for processes such as running reports.

The following is an overview of how to configure FortiAnalyzer units in an HA cluster:

  1. Go to System Settings > HA.
  2. Set the Operation Mode of the primary unit to High Availability.
  3. Configure the settings for the primary (Master) unit.
  4. Configure the settings for the secondary (Slave) units.
Note

All the units must:

  • Be of the same FortiAnalyzer series
  • Be visible on the network
  • Run in the same operation mode: Analyzer or Collector
To configure the primary unit in an HA cluster:
  1. Go to System Settings > HA.
  2. Set the Operation Mode to High Availability.
  3. Set the Preferred Role to Master.
  4. Configure the Cluster Virtual IP settings:
    Interface

    Select the interface to be used as the clustered Virtual IP.

    IP Address

    Type the IP address to be used by the HA cluster to provide redundancy.

  5. In the Peer IP and Peer SN box, type the Peer IP and Peer SN for each secondary (Slave) unit. The maximum is three units.

  6. Type the Group Name, Group ID, and Password. These settings must be the same for all the units in the cluster.
  7. Click Apply.
To configure secondary units in an HA cluster:
  1. Set the Preferred Role to Slave.
  2. Configure the Cluster Virtual IP settings with the HA cluster's Interface and IP Address.
    Interface

    Select the interface being used by the cluster as the Virtual IP.

    IP Address

    Type the IP address being used by the cluster to provide redundancy.

  3. In the Peer IP and Peer SN box, type the Peer IP and Peer SN for the primary (Master) unit and each secondary (Slave) unit.

  4. Type the Group Name, Group ID, and Password. These settings must be the same for all the units in the cluster.
  5. Click Apply.
Cluster Settings

Cluster Status

Operation Mode

Select High Availability to configure the FortiAnalyzer unit for HA.

Select Standalone to stop operating in HA mode.

Preferred Role

Select the preferred role when this unit first joins the HA cluster.

If the preferred role is Master, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a backup (slave) unit.

The default is Slave so that the unit can synchronize with the primary unit. A slave or backup unit cannot become a master or primary unit until it is synchronized with the current primary unit.

Cluster Virtual IP

Interface

Select the interface the FortiAnalyzer HA unit uses to provide redundancy.

IP Address

Type the IP address for which the FortiAnalyzer HA unit is to provide redundancy.

Cluster Settings

Peer IP

Type the IP address of another FortiAnalyzer unit in the cluster.

Peer SN

Type the serial number of the FortiAnalyzer unit corresponding to the entered IP address.

Group Name

Type a group name that uniquely identifies the FortiAnalyzer HA cluster. All units in a cluster must have the same Group Name, Group ID and Password.

Group ID

Type a group ID from 1 to 255 that uniquely identifies the FortiAnalyzer HA cluster. The primary unit and all backup units must have the same Group ID.

Password

Type a password for the HA cluster. All members of the HA cluster must have the same password.

Heart Beat Interval

The time the primary unit waits between sending heartbeat packets, in seconds. The heartbeat interval is also the amount of time that backup units waits before expecting to receive a heartbeat packet from the primary unit.

Priority The priority or seniority of the backup unit in the cluster.
Log Data Sync This option is on by default. It provides real-time log synchronization among cluster members.

Setting up a FortiAnalyzer HA cluster

You can configure two or more FortiAnalyzer units in a High Availability (HA) cluster to provide real-time redundancy in case a primary unit fails. High Availability clusters also alleviate the load on the primary unit by using backup units for processes such as running reports.

The following is an overview of how to configure FortiAnalyzer units in an HA cluster:

  1. Go to System Settings > HA.
  2. Set the Operation Mode of the primary unit to High Availability.
  3. Configure the settings for the primary (Master) unit.
  4. Configure the settings for the secondary (Slave) units.
Note

All the units must:

  • Be of the same FortiAnalyzer series
  • Be visible on the network
  • Run in the same operation mode: Analyzer or Collector
To configure the primary unit in an HA cluster:
  1. Go to System Settings > HA.
  2. Set the Operation Mode to High Availability.
  3. Set the Preferred Role to Master.
  4. Configure the Cluster Virtual IP settings:
    Interface

    Select the interface to be used as the clustered Virtual IP.

    IP Address

    Type the IP address to be used by the HA cluster to provide redundancy.

  5. In the Peer IP and Peer SN box, type the Peer IP and Peer SN for each secondary (Slave) unit. The maximum is three units.

  6. Type the Group Name, Group ID, and Password. These settings must be the same for all the units in the cluster.
  7. Click Apply.
To configure secondary units in an HA cluster:
  1. Set the Preferred Role to Slave.
  2. Configure the Cluster Virtual IP settings with the HA cluster's Interface and IP Address.
    Interface

    Select the interface being used by the cluster as the Virtual IP.

    IP Address

    Type the IP address being used by the cluster to provide redundancy.

  3. In the Peer IP and Peer SN box, type the Peer IP and Peer SN for the primary (Master) unit and each secondary (Slave) unit.

  4. Type the Group Name, Group ID, and Password. These settings must be the same for all the units in the cluster.
  5. Click Apply.
Cluster Settings

Cluster Status

Operation Mode

Select High Availability to configure the FortiAnalyzer unit for HA.

Select Standalone to stop operating in HA mode.

Preferred Role

Select the preferred role when this unit first joins the HA cluster.

If the preferred role is Master, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a backup (slave) unit.

The default is Slave so that the unit can synchronize with the primary unit. A slave or backup unit cannot become a master or primary unit until it is synchronized with the current primary unit.

Cluster Virtual IP

Interface

Select the interface the FortiAnalyzer HA unit uses to provide redundancy.

IP Address

Type the IP address for which the FortiAnalyzer HA unit is to provide redundancy.

Cluster Settings

Peer IP

Type the IP address of another FortiAnalyzer unit in the cluster.

Peer SN

Type the serial number of the FortiAnalyzer unit corresponding to the entered IP address.

Group Name

Type a group name that uniquely identifies the FortiAnalyzer HA cluster. All units in a cluster must have the same Group Name, Group ID and Password.

Group ID

Type a group ID from 1 to 255 that uniquely identifies the FortiAnalyzer HA cluster. The primary unit and all backup units must have the same Group ID.

Password

Type a password for the HA cluster. All members of the HA cluster must have the same password.

Heart Beat Interval

The time the primary unit waits between sending heartbeat packets, in seconds. The heartbeat interval is also the amount of time that backup units waits before expecting to receive a heartbeat packet from the primary unit.

Priority The priority or seniority of the backup unit in the cluster.
Log Data Sync This option is on by default. It provides real-time log synchronization among cluster members.