A FortiAnalyzer high availability (HA) cluster provides the following features:
- Provide real-time redundancy in case a FortiAnalyzer primary unit fails. If the primary unit fails, another unit in the cluster is selected as the primary unit. See If the primary unit fails.
- Synchronize logs and data securely among multiple FortiAnalyzer units. Some system and configuration settings are also synchronized. See Configuration synchronization.
- Alleviate the load on the primary unit by using secondary (backup) units for processes such as running reports.
A FortiAnalyzer HA cluster can have a maximum of four units: one primary unit with up to three secondary units. All units in the cluster must be of the same FortiAnalyzer series. All units are visible on the network.
All units must run in the same operation mode: Analyzer or Collector.
Due to technical limitations, the current FortiAnalyzer HA implementation is not supported by some public cloud infrastructures, such as Microsoft Azure, Google Cloud Platform, etc. FortiAnalyzer HA only functions under setups where VRRP is permitted.
When devices with different licenses are used to create an HA cluster, the license that allows for the smallest number of managed devices is used.