Configuring HA options
To configure HA options go to System Settings > HA and configure FortiAnalyzer units to create an HA cluster or change cluster configuration.
In System Settings > HA, use the Cluster Settings pane to create or change HA configuration, and use the Cluster Status pane to monitor HA status.
To configure a cluster, set the Operation Mode of the primary unit to Active-Passive or Active-Active. Then add the IP addresses and serial numbers of each secondary unit to the primary unit peer list. The IP address and serial number of the primary unit and all secondary units must be added to each secondary unit's HA configuration. The primary unit and all secondary units must have the same Group Name, Group ID and Password.
You can connect to the primary unit GUI to work with FortiAnalyzer. Using configuration synchronization, you can configure and work with the cluster in the same way as you work with a standalone FortiAnalyzer unit.
Configure the following settings:
Cluster Settings |
||
|
Operation Mode |
Select Active-Passive or Active-Active to configure the FortiAnalyzer unit for HA. You can use Active-Active mode to create a geo-redundant solution. For more information, see Geo-redundant HA. Select Standalone to stop operating in HA mode. |
|
Preferred Role |
Select the preferred role when this unit first joins the HA cluster. If the preferred role is Primary, then this unit becomes the primary unit if it is configured first in a new HA cluster. If there is an existing primary unit, then this unit becomes a secondary unit. The default is Secondary so that the unit can synchronize with the primary unit. A secondary unit cannot become a primary unit until it is synchronized with the current primary unit. |
Cluster Virtual IP |
||
|
IP Address |
The IP address for which the FortiAnalyzer HA unit is to provide redundancy. |
|
Interface |
The interface the FortiAnalyzer HA unit uses to provide redundancy. |
|
Action |
Click the plus (+) to add another virtual IP. Click the x to remove a virtual IP from the list. |
Cluster Settings |
||
|
Peer IP |
Type the IP address of another FortiAnalyzer unit in the cluster. |
|
Peer SN |
Type the serial number of the FortiAnalyzer unit corresponding to the entered IP address. |
|
Action |
Click the plus (+) to add another FortiAnalyzer unit in the cluster. Click the x to remove a FortiAnalyzer unit from the cluster. |
|
Group Name |
Type a group name that uniquely identifies the FortiAnalyzer HA cluster. All units in a cluster must have the same Group Name, Group ID and Password. |
|
Group ID |
Type a group ID from 1 to 255 that uniquely identifies the FortiAnalyzer HA cluster. |
|
Password |
A password for the HA cluster. All members of the HA cluster must have the same password. |
|
Heart Beat Interval |
The time the primary unit waits between sending heartbeat packets, in seconds. The heartbeat interval is also the amount of time that secondary units waits before expecting to receive a heartbeat packet from the primary unit. By default, the Heart Beat Interval is set to 4. |
|
Heart Beat Interface |
Select the interface used to send heartbeat packets. |
|
Failover Threshold |
The number of seconds that one of the cluster units waits to receive HA heartbeat packets from other cluster units before assuming that the other cluster units have failed. This value corresponds to Heart Beat Interval x 3 and it is automatically updated based on the configured Heart Beat Interval. For example, the failure is detected after 12 seconds with the default settings:
The Heart Beat Interval can be increased or decreased to adapt to latency conditions of your network and to detect legitimate failures. |
|
Priority |
The priority or seniority of the secondary unit in the cluster. |
|
Log Data Sync |
This option is on by default. It provides real-time log synchronization among cluster members. |