Fortinet black logo

Administration Guide

HA-Cluster

Copy Link
Copy Doc ID 7885f8f7-912a-11e9-81a4-00505692583a:735542
Download PDF

HA-Cluster

There are limits to the number of files that a single FortiSandbox can scan in a given time period. To handle heavier loads, multiple FortiSandbox devices can be used together in a load-balancing high availability (HA) cluster.

There are three types of nodes in a cluster: Master, Primary Slave, and Slave.

Please note that the following setup steps may be different for AWS and Azure cloud implementations. Please consult the FortiSandbox VM on AWS and FortiSandbox VM on Azure Guides for detailed instructions.

Master

The Master node (Unit 1 in the diagram) manages the cluster, distributes jobs and gathers the results, and interacts with clients. It can also perform normal file scans. All of the scan related configuration should be done on the master node and they will be broadcasted from the Master node to the other nodes. Any scan related configuration that has been set on a slave will be overwritten.

On the Master node, users can:

  • Change a slave node's role (Primary and Regular slave)
  • Configure a slave node's network settings
  • Upgrade slave nodes
  • View VM status page of slave nodes
  • Configure FortiGuard settings of slave nodes
  • Configure VM images of slave nodes, such as setting clone numbers of each VM image
  • Configure a Ping server to frequently check unit's network condition and downgrade itself as a Primary Slave node when necessary to trigger a failover

Although all FSA models can work as a Master node, it is advised to use a FortiSandbox-3000D or above model.

Primary Slave

The Primary Slave node (Unit 2 in the diagram) is for HA support and normal file scans. It monitors the master's condition and, if the master node fails, the primary slave will assume the role of master. The former master will then become a primary slave when it is back up.

The Primary Slave node must be the same model as the Master node.

Slave

The Slave nodes (Units 3 - 5 in the diagram) perform normal file scans and report results back to the master and primary slave. They can also store detailed job information. Slave nodes should have its own network settings and VM image settings.

The Slave nodes can be any FortiSandbox model, including FortiSandbox VM. Slave nodes in a cluster does not need to be the same model.

The total number of slave nodes, including the primary slave, cannot exceed 100.

FortiSandbox units in an HA cluster can be set up with different management ports such as port1 and port2.

For heavy job loads, use FortiSandbox-3000D or higher models.

HA-Cluster

There are limits to the number of files that a single FortiSandbox can scan in a given time period. To handle heavier loads, multiple FortiSandbox devices can be used together in a load-balancing high availability (HA) cluster.

There are three types of nodes in a cluster: Master, Primary Slave, and Slave.

Please note that the following setup steps may be different for AWS and Azure cloud implementations. Please consult the FortiSandbox VM on AWS and FortiSandbox VM on Azure Guides for detailed instructions.

Master

The Master node (Unit 1 in the diagram) manages the cluster, distributes jobs and gathers the results, and interacts with clients. It can also perform normal file scans. All of the scan related configuration should be done on the master node and they will be broadcasted from the Master node to the other nodes. Any scan related configuration that has been set on a slave will be overwritten.

On the Master node, users can:

  • Change a slave node's role (Primary and Regular slave)
  • Configure a slave node's network settings
  • Upgrade slave nodes
  • View VM status page of slave nodes
  • Configure FortiGuard settings of slave nodes
  • Configure VM images of slave nodes, such as setting clone numbers of each VM image
  • Configure a Ping server to frequently check unit's network condition and downgrade itself as a Primary Slave node when necessary to trigger a failover

Although all FSA models can work as a Master node, it is advised to use a FortiSandbox-3000D or above model.

Primary Slave

The Primary Slave node (Unit 2 in the diagram) is for HA support and normal file scans. It monitors the master's condition and, if the master node fails, the primary slave will assume the role of master. The former master will then become a primary slave when it is back up.

The Primary Slave node must be the same model as the Master node.

Slave

The Slave nodes (Units 3 - 5 in the diagram) perform normal file scans and report results back to the master and primary slave. They can also store detailed job information. Slave nodes should have its own network settings and VM image settings.

The Slave nodes can be any FortiSandbox model, including FortiSandbox VM. Slave nodes in a cluster does not need to be the same model.

The total number of slave nodes, including the primary slave, cannot exceed 100.

FortiSandbox units in an HA cluster can be set up with different management ports such as port1 and port2.

For heavy job loads, use FortiSandbox-3000D or higher models.