Fortinet black logo

Azure Administration Guide

Home FortiAnalyzer Public Cloud 7.2.0 Azure Administration Guide
7.2.0
7.4.0
7.2.0
7.0.0
6.4.0

FortiAnalyzer High Availability setup

FortiAnalyzer High Availability setup

To setup FortiAnalyzer HA in Azure:
  1. In Azure, create FortiAnalyzer VM in one ResourceGroup in same or different subnets (different VNet not supported since public IP is regional resource).
  2. In Azure, allocate a secondary private IP (static) to be used as VIP of FortiAnalyzer HA. Secondary IP will be assigned to the instance when its mode transitioned to master by fazutil to call Azure cloud APIs within the instance itself.

    Alternatively, you can create a static public IP in the ResourceGroup to be used as VIP.

  3. In Azure, enable Managed Identity for the VM and assign role with r/w access to the resource group. This is for VM to reassign VIP.
  4. In FortiAnalyzer-VM, configure FortiAnalyzer HA, use private IP as peer IP, and the static public IP as VIP.
  5. In FortiAnalyzer-VM, for fazutil to call Azure API successfully, may need to import manually Azure cloud CA since FortiAnalyzer doesn’t come with it by default.
Previous
Next

FortiAnalyzer High Availability setup

To setup FortiAnalyzer HA in Azure:
  1. In Azure, create FortiAnalyzer VM in one ResourceGroup in same or different subnets (different VNet not supported since public IP is regional resource).
  2. In Azure, allocate a secondary private IP (static) to be used as VIP of FortiAnalyzer HA. Secondary IP will be assigned to the instance when its mode transitioned to master by fazutil to call Azure cloud APIs within the instance itself.

    Alternatively, you can create a static public IP in the ResourceGroup to be used as VIP.

  3. In Azure, enable Managed Identity for the VM and assign role with r/w access to the resource group. This is for VM to reassign VIP.
  4. In FortiAnalyzer-VM, configure FortiAnalyzer HA, use private IP as peer IP, and the static public IP as VIP.
  5. In FortiAnalyzer-VM, for fazutil to call Azure API successfully, may need to import manually Azure cloud CA since FortiAnalyzer doesn’t come with it by default.
Previous
Next