FortiAnalyzer HA recommendation

When deploying FortiAnalyzer in a multitenant environment, high availability (HA) should be considered. An HA cluster consists of a minimum of two and a maximum of four FortiAnalyzer units, configured in VRRP HA. The FortiGate devices send their logs to the VIP or FQDN set on the FortiAnalyzer VRRP HA deployment.

A FortiAnalyzer HA cluster provides the following features:

  • Provides real-time redundancy in case a FortiAnalyzer primary unit fails. If the primary unit fails, another unit in the cluster is selected as the primary unit.
  • Synchronizes logs and data securely among multiple FortiAnalyzer units. Some system and configuration settings are also synchronized.
  • Alleviates the load on the primary unit by using secondary (backup) units for processes, such as running reports and FortiView dashboards.

A FortiAnalyzer HA cluster can have a maximum of four units: one primary unit with up to three secondary units. All units in the cluster must be the same FortiAnalyzer model, must be in the same network, and must run in the same operation mode: Analyzer or Collector.

For more details on the Analyzer or Collector mode, see the FortiAnalyzer Admin Guide.

Even though it is an active/passive HA setup, the secondary FortiAnalyzer units still participate in round-robin load sharing for report creation and for the SQL queries used to populate the various FortiView dashboards. The main benefit of this mode is the overall performance improvement.

When FortiPortal is introduced as the presentation layer of the solution, it uses the VIP of the FortiAnalyzer HA cluster to retrieve the logging information. In the following example, cluster VIP 192.168.244.222 is used to manage FortiAnalyzer in FortiPortal.
