Fortinet black logo

Administration Guide

HA-Cluster

Copy Link
Copy Doc ID af12b5b0-1c45-11ea-9384-00505692583a:735542
Download PDF

HA-Cluster

There are limits to the number of files that a single FortiSandbox can scan in a given time period. To handle heavier loads, multiple FortiSandbox devices can be used together in a load-balancing high availability (HA) cluster.

There are three types of nodes in a cluster: primary or master, secondary or primary slave, and worker or slave.

Primary (or Master)

The primary node (Unit 1 in the diagram) manages the cluster, distributes jobs and gathers the results, and interacts with clients. It can also perform normal file scans. All of the scan related configuration should be done on the primary node and they will be broadcasted from the primary node to the other nodes. Any scan related configuration that has been set on a worker will be overwritten.

On the primary node, users can:

  • Change a worker node's role (secondary and worker)
  • Configure a worker node's network settings
  • Upgrade worker nodes
  • View VM status page of worker nodes
  • Configure FortiGuard settings of worker nodes
  • Configure VM images of worker nodes, such as setting clone numbers of each VM image
  • Configure a Ping server to frequently check unit's network condition and downgrade itself as a secondary node when necessary to trigger a failover

Although all FortiSandbox models can work as a primary (master) node, we recommend using a FortiSandbox-3000D or higher.

Secondary (or primary slave)

The secondary node (Unit 2 in the diagram) is for HA support and normal file scans. It monitors the primary's condition and, if the primary node fails, the secondary will assume the role of primary. The former primary will then become a secondary when it is back up.

The secondary node must be the same model as the primary node.

Worker (or slave)

The worker nodes (Units 3 - 5 in the diagram) perform normal file scans and report results back to the primary and secondary nodes. They can also store detailed job information. Worker nodes should have its own network settings and VM image settings.

The worker nodes can be any FortiSandbox model, including FortiSandbox VM. Worker nodes in a cluster does not need to be the same model.

The total number of worker nodes, including the secondary node, cannot exceed 100.

FortiSandbox units in an HA cluster can be set up with different management ports such as port1 and port2.

For heavy job loads, use FortiSandbox-3000D or higher models.

HA-Cluster

There are limits to the number of files that a single FortiSandbox can scan in a given time period. To handle heavier loads, multiple FortiSandbox devices can be used together in a load-balancing high availability (HA) cluster.

There are three types of nodes in a cluster: primary or master, secondary or primary slave, and worker or slave.

Primary (or Master)

The primary node (Unit 1 in the diagram) manages the cluster, distributes jobs and gathers the results, and interacts with clients. It can also perform normal file scans. All of the scan related configuration should be done on the primary node and they will be broadcasted from the primary node to the other nodes. Any scan related configuration that has been set on a worker will be overwritten.

On the primary node, users can:

  • Change a worker node's role (secondary and worker)
  • Configure a worker node's network settings
  • Upgrade worker nodes
  • View VM status page of worker nodes
  • Configure FortiGuard settings of worker nodes
  • Configure VM images of worker nodes, such as setting clone numbers of each VM image
  • Configure a Ping server to frequently check unit's network condition and downgrade itself as a secondary node when necessary to trigger a failover

Although all FortiSandbox models can work as a primary (master) node, we recommend using a FortiSandbox-3000D or higher.

Secondary (or primary slave)

The secondary node (Unit 2 in the diagram) is for HA support and normal file scans. It monitors the primary's condition and, if the primary node fails, the secondary will assume the role of primary. The former primary will then become a secondary when it is back up.

The secondary node must be the same model as the primary node.

Worker (or slave)

The worker nodes (Units 3 - 5 in the diagram) perform normal file scans and report results back to the primary and secondary nodes. They can also store detailed job information. Worker nodes should have its own network settings and VM image settings.

The worker nodes can be any FortiSandbox model, including FortiSandbox VM. Worker nodes in a cluster does not need to be the same model.

The total number of worker nodes, including the secondary node, cannot exceed 100.

FortiSandbox units in an HA cluster can be set up with different management ports such as port1 and port2.

For heavy job loads, use FortiSandbox-3000D or higher models.