Configuring the FortiAnalyzer Federation
To configure a FortiAnalyzer Federation, you must configure a supervisor, one or more members, and enable soc-fabric communication on the interfaces being used.
All FortiAnalyzer Federation members must be configured with the same timezone settings as the supervisor. |
Configuring a supervisor
To configure a supervisor:
- In the FortiAnalyzer Federation supervisor CLI, enter the following commands to enable soc-fabric communication:
config system interface
edit <interface used for soc-fabric communication>
set allowaccess soc-fabric (enable other types of interface access as needed, for example https)
- Enter the following commands to configure the supervisor:
config system soc-fabric
set status enable
set role supervisor
set name <create the FortiAnalyzer Federation name>
set psk <create the FortiAnalyzer Federation password>
set port 6443 <set the communication port if not using the default one>
set secure-connection {enable | disable}
next
end
Configuring a member
FortiAnalyzer Federation allows multiple FortiAnalyzers to act as fabric members. Each FortiAnalyzer in Analyzer mode must be individually configured as a member to participate in the FortiAnalyzer Federation.
To configure a member:
- In the FortiAnalyzer Federation member CLI, enter the following commands to enable soc-fabric communication:
config system interface
edit <interface used for soc-fabric communication>
set allowaccess soc-fabric (enable other types of interface access as needed, for example https)
- Enter the following commands to configure the member:
config system soc-fabric
set status enable
set role member
set name <enter the FortiAnalyzer Federation Name>
set psk <enter the FortiAnalyzer Federation auth password>
set supervisor <enter the IP/FNDN of the supervisor>
set port 6443 <set the communication port if not using the default one>
set secure-connection {enable | disable}
next
end