Fortinet white logo
Fortinet white logo

CLI Reference

ha

ha

Use this command to enable and configure FortiAnalyzer high availability (HA).

FortiAnalyzer HA clusters provide real-time redundancy in case a unit fails. Logs, data, and relevant system settings are securely synchronized across multiple FortiAnalyzer devices, and processing tasks can be shared to alleviate the load on the primary unit.

A FortiAnalyzer HA cluster can have a maximum of five units, all of which are visible on the network. All of the units must be from the same product series and in the same operating mode (analyzer or collector). HA is not supported when FortiManager features are enabled.

For more information, see the FortiAnalyzer Administration Guide.

Syntax

config system ha

set group-id <integer>

set group-name <name>

set hb-interface

set hb-interval <integer>

set healthcheck {DB | fault-test}

set initial-sync {true | false}

set initial-sync-threads <integer>

set load-balance (disable | round-robin}

set log-sync {enable | disable}

set mode {a-p | standalone}

set password <passwd>

set preferred-role

set priority <integer>

set private-clusterid

set private-file-quota

set private-hb-interval

set private-hb-lost-threshold

set private-mode

set private-password

set unicast {enable | disable}

set vip <ip_address>

set vip-interface <port>

config peer

edit <peer_id_int>

set ip <peer_ip_address>

set ip-hb <string>

set serial-number <string>

set status {enable | disable}

end

end

Variable

Description

group-id <integer> Set the HA group ID (1 - 255, default = 0).
group-name <name> Set the HA group name.
hb-interface

hb-interval <integer>

The time, in seconds, that a cluster unit waits between sending heartbeat packets. The heartbeat interval is also the amount of time that a cluster unit waits before expecting to receive a heartbeat packet from the other cluster unit (1 - 20, default = 1).

healthcheck {DB | fault-test}

Set the healthcheck options:

  • DB - Check that the database is running.
  • fault-test - Temp fault test.

initial-sync {true | false}

Synchronize data from the primary device before joining the HA cluster (default = true).

initial-sync-threads <integer>

Number of threads used for initial synchronization (1 - 15, default = 4).

load-balance (disable | round-robin}

Configure load balancing to secondary units (default = round-robin).

log-sync {enable | disable}

Synchronize logs to backup FortiAnalyzer devices (default = enable).

mode {a-p | standalone}

Set the HA operating mode: Active-passive mode (a-p) or Standalone mode (standalone) (default = standalone).

password <passwd>

Set the HA group password.

priority <integer>

Set the runtime priority (80 - 120, default = 100).

preferrred-role {master | slave}

The preferred role of this unit (default = slave). The runtime role may be different.

private-clusterid

private-file-quota

private-hb-interval

private-hb-lost-threshold

private-mode

private-password

unicast {enable | disable}

Enable/disable unicast for HA heartbeat (default = disable).

vip <ip_address>

Set the virtual IP address for the HA cluster.

vip-interface <port>

Set the virtual interface for configuring the virtual IP address.

Variables for config peer subcommand:

<peer_id_int>

Add a peer and add the peer’s IPv4 or IPv6 address and serial number.

ip <peer_ip_address>

Enter the IPv4 address of the peer FortiAnalyzer unit.

ip-hb <string>

Enter the IP address of the peer's VIP interface for heartbeat.

This only needs to be set if the value is different than the peer's IP address, and is only needed when using unicast.

serial-number <string>

Enter the serial number of the peer FortiAnalyzer unit.

status {enable | disable}

Enter the status of the peer FortiAnalyzer unit (default = enable).

ha

ha

Use this command to enable and configure FortiAnalyzer high availability (HA).

FortiAnalyzer HA clusters provide real-time redundancy in case a unit fails. Logs, data, and relevant system settings are securely synchronized across multiple FortiAnalyzer devices, and processing tasks can be shared to alleviate the load on the primary unit.

A FortiAnalyzer HA cluster can have a maximum of five units, all of which are visible on the network. All of the units must be from the same product series and in the same operating mode (analyzer or collector). HA is not supported when FortiManager features are enabled.

For more information, see the FortiAnalyzer Administration Guide.

Syntax

config system ha

set group-id <integer>

set group-name <name>

set hb-interface

set hb-interval <integer>

set healthcheck {DB | fault-test}

set initial-sync {true | false}

set initial-sync-threads <integer>

set load-balance (disable | round-robin}

set log-sync {enable | disable}

set mode {a-p | standalone}

set password <passwd>

set preferred-role

set priority <integer>

set private-clusterid

set private-file-quota

set private-hb-interval

set private-hb-lost-threshold

set private-mode

set private-password

set unicast {enable | disable}

set vip <ip_address>

set vip-interface <port>

config peer

edit <peer_id_int>

set ip <peer_ip_address>

set ip-hb <string>

set serial-number <string>

set status {enable | disable}

end

end

Variable

Description

group-id <integer> Set the HA group ID (1 - 255, default = 0).
group-name <name> Set the HA group name.
hb-interface

hb-interval <integer>

The time, in seconds, that a cluster unit waits between sending heartbeat packets. The heartbeat interval is also the amount of time that a cluster unit waits before expecting to receive a heartbeat packet from the other cluster unit (1 - 20, default = 1).

healthcheck {DB | fault-test}

Set the healthcheck options:

  • DB - Check that the database is running.
  • fault-test - Temp fault test.

initial-sync {true | false}

Synchronize data from the primary device before joining the HA cluster (default = true).

initial-sync-threads <integer>

Number of threads used for initial synchronization (1 - 15, default = 4).

load-balance (disable | round-robin}

Configure load balancing to secondary units (default = round-robin).

log-sync {enable | disable}

Synchronize logs to backup FortiAnalyzer devices (default = enable).

mode {a-p | standalone}

Set the HA operating mode: Active-passive mode (a-p) or Standalone mode (standalone) (default = standalone).

password <passwd>

Set the HA group password.

priority <integer>

Set the runtime priority (80 - 120, default = 100).

preferrred-role {master | slave}

The preferred role of this unit (default = slave). The runtime role may be different.

private-clusterid

private-file-quota

private-hb-interval

private-hb-lost-threshold

private-mode

private-password

unicast {enable | disable}

Enable/disable unicast for HA heartbeat (default = disable).

vip <ip_address>

Set the virtual IP address for the HA cluster.

vip-interface <port>

Set the virtual interface for configuring the virtual IP address.

Variables for config peer subcommand:

<peer_id_int>

Add a peer and add the peer’s IPv4 or IPv6 address and serial number.

ip <peer_ip_address>

Enter the IPv4 address of the peer FortiAnalyzer unit.

ip-hb <string>

Enter the IP address of the peer's VIP interface for heartbeat.

This only needs to be set if the value is different than the peer's IP address, and is only needed when using unicast.

serial-number <string>

Enter the serial number of the peer FortiAnalyzer unit.

status {enable | disable}

Enter the status of the peer FortiAnalyzer unit (default = enable).