ha
Use this command to enable and configure FortiAnalyzer high availability (HA).
FortiAnalyzer HA clusters provide real-time redundancy in case a unit fails. Logs, data, and relevant system settings are securely synchronized across multiple FortiAnalyzer devices, and processing tasks can be shared to alleviate the load on the primary unit.
A FortiAnalyzer HA cluster can have a maximum of four units, all of which are visible on the network. All of the units must be from the same product series and in the same operating mode (analyzer or collector). HA is not supported when FortiManager features are enabled.
For more information, see the FortiAnalyzer Administration Guide.
Syntax
config system ha
set cfg-sync-hb-interval <integer>
set group-id <integer>
set group-name <name>
set hb-interface <string>
set hb-interval <integer>
set healthcheck {DB | fault-test}
set initial-sync {true | false}
set initial-sync-threads <integer>
set load-balance {disable | round-robin}
set local-cert <certificate>
set log-sync {enable | disable}
set mode {a-a | a-p | standalone}
set password <passwd>
set preferred-role {primary | secondary}
set priority <integer>
set unicast {enable | disable}
config peer
edit <peer_id_int>
set addr <string>
set addr-hb <string>
set serial-number <string>
set status {enable | disable}
end
config vip
edit <id>
set status {enable | disable}
set vip <string>
set vip-interface <string>
end
end
Variable |
Description |
---|---|
cfg-sync-hb-interval <integer> |
Configure the sync heartbeat interval (1 - 255, default = 3). |
group-id <integer> | Set the HA group ID (1 - 255, default = 0). |
group-name <name> | Set the HA group name. |
hb-interface <string> | Set the interface for the heartbeat. |
hb-interval <integer> |
The time, in seconds, that a cluster unit waits between sending heartbeat packets. The heartbeat interval is also the amount of time that a cluster unit waits before expecting to receive a heartbeat packet from the other cluster unit (1 - 20, default = 1). |
healthcheck {DB | fault-test} |
Set the healthcheck options:
|
initial-sync {true | false} |
Synchronize data from the primary device before joining the HA cluster (default = true). |
initial-sync-threads <integer> |
Number of threads used for initial synchronization (1 - 15, default = 4). |
load-balance {disable | round-robin} |
Configure load balancing to secondary units (default = round-robin). |
local-cert <certificate> |
Set the local certificate. Note that |
log-sync {enable | disable} |
Synchronize logs to backup FortiAnalyzer devices (default = enable). |
mode {a-a | a-p | standalone} |
Set the HA operating mode: active-active ( |
password <passwd> |
Set the HA group password. |
priority <integer> |
Set the runtime priority (80 - 120, default = 100). |
preferrred-role {primary | secondary} |
The preferred role of this unit (default = secondary). The runtime role may be different. |
unicast {enable | disable} |
Enable/disable unicast for HA heartbeat (default = disable). |
Variables for |
|
<peer_id_int> |
Add a peer and add the peer’s IPv4 or IPv6 address and serial number. |
addr <string> |
Enter the address of peer for management and data. |
addr-hb <string> |
Enter the IP address of the peer's VIP interface for heartbeat. This only needs to be set if the value is different than the peer's IP address, and is only needed when using unicast. |
serial-number <string> |
Enter the serial number of the peer FortiAnalyzer unit. |
status {enable | disable} |
Enter the status of the peer FortiAnalyzer unit (default = enable). |
Variables for |
|
<id> |
Set the VIP ID. |
status {enable | disable} |
Enable/disable VIP status (default = enable). |
vip <string> |
Virtual IP address for the HA. |
vip-interface <string> |
Interface for configuring virtual IP address. Enter port1, port2, port3....port10. |