Replacing the FortiAnalyzer
To replace the FortiAnalyzer:
- Create a new FortiAnalyzer resource in Azure in a location accessible by the FortiGate-VM in Subnet 1.
- Upload a valid license for the FortiAnalyzer. For details on how to do so, refer to the section Uploading files to the Storage account.
- Log in into the FortiAnalyzer-VM.
- (Optional) Restore a configuration from a backup.
- If necessary, create an admin user for FortiGate Autoscale to use. To retrieve the ones from the initial deployment, refer to the section Retrieving the FortiAnalyzer administrator username and password.
- Update the FortiAnalyzer public IP address resource by first dissociating the public IP address from the previous FortiAnalyzer and then associating the public IP address with the new FortiAnalyzer.
- If it is necessary to replace the public IP address, you will need to:
- Locate the Settings item with key: faz-ip. For details, refer to the section Modifying the Autoscale settings in Cosmos DB.
- Update the value to the new public IP address.
- Wait up to 60 seconds for the change to become effective.
Retrieving the FortiAnalyzer administrator username and password
During the initial deployment, these were specified in the template parameters FortiAnalyzer Autoscale Admin Username and FortiAnalyzer Autoscale Admin Password. These values can be retrieved after deployment using each of these methods:
- Look them up in the deployment Inputs. For details, refer to the section Locating deployment Outputs.
- Use the FortiAnalyzer CLI commands:
config system admin user
show
The first line of the output contains the FortiAnalyzer Autoscale Admin Username. - Retrieve them from Key Vault > secrets. The FortiAnalyzer Autoscale Admin Username is stored as faz-autoscale-admin-username. For details, refer to the section Viewing and modifying secrets in the Key vault.
Viewing and modifying secrets in the Key vault
The first time you load the Key vault Secrets, you may need to grant permissions to your account.
To locate the Key vault secrets:
- Load the Autoscale resource group. For details, refer to the section To load a resource group:.
- Click the name of the item of type Key vault.
- From the navigation column, under Settings, select Secrets.
- If the warning “You are unauthorized to view these contents” is displayed, you will need to grant permissions to your account. For details on how to do this, refer to the section To grant permissions to your account:.
To grant permissions to your account:
- From the navigation column, under Settings, select Access Policies.
- From the right hand pane, click + Add Access Policy.
- For Configure from template (optional), select Secret Management.
- For Select principal *, click None selected and choose your account.
- Leave the Authorized application as is.
- Click Add.
- Click Save to apply the changes of granting your account permissions to the Secrets.
To view a stored secret:
- Click the secret you want to modify. In the example below, faz-autoscale-admin-username is selected.
- Click the item under CURRENT VERSION.
- Click Show Secret Value.
- In this example, the secret value is autoscale-admin.
To modify a secret:
- Click the secret you want to view. In the example below, faz-autoscale-admin-password is selected.
- Click + New Version.
- Enter the new secret in the Value * field and then click Create.