TAlKhatib
Staff
Article Id 191386

Description

 

This article explains how to add a new Collector Agent for high availability or migrate from an old Collector Agent server to a new one.


Scope


FortiGate, FSSO Collector Agent (FSAE), DC Agent.


Solution


Most of the steps are the same as installing the collector agent the first time. However, some steps differ:

Adding a new Collector Agent:

1) Install the Collector Agent on the new server. 

2) Select "Show Monitored DCs" and ensure that all domain controllers are selected.  This will push the DC agent to all domain controllers.

3) Select "Sync with other Collector Agents" to get the monitored groups, ignored users, etc.

4) On the FortiGate, go to Security Fabric > External Connectors > Edit the existing connector.

5) Add the new Collector Agent IP to the list. That is, add the new server to the existing connector. Do not create a new FSSO Connector.


Migrating to a new server:

1) Install the Collector Agent on the new server.

2) Select "Show Monitored DCs" and ensure that all domain controllers are selected.  This will push the DC agent to all domain controllers.

3) Select "Sync with other Collector Agents" to get the monitored groups, ignored users, etc.

4) On the FortiGate, go to User -> Directory Service, edit the server already created and change the IP address of the Collector Agent to the new server.

 

Note:
Users currently logged in will need to log out and log in again.


DC agents must now be configured to stop sending logon events to the old Collector Agent. This can be done with the Registry Editor.

1) Run 'regedit' and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FSAE\dcagent\ca] on the domain controllers where the DC agents are installed.

2) There will be registry keys for both the new and old Collector Agents.

3) Back up (export) and delete the registry keys for the old Collector Agent.

 

Note:
This is not reinstalling the DC agent. It is instead editing the registry of the Collector Agent so that logon events are forwarded to the new Collector Agent.
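
The registry steps above can be scripted for each domain controller. The following PowerShell is an added example, not part of the original article or a Fortinet tool. It assumes each Collector Agent appears as a subkey under the `ca` path, that the operator passes the subkey names exactly as regedit shows them, and that the backup folder is a hypothetical location.

```powershell
#Requires -RunAsAdministrator
# Added example: back up the DC agent's Collector Agent list, then remove the old entry.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Subkey names exactly as they appear under ...\dcagent\ca (assumption: one subkey per Collector Agent).
    [Parameter(Mandatory)] [string] $OldCollectorKey,
    [Parameter(Mandatory)] [string] $NewCollectorKey,
    # Hypothetical backup location; change to suit the environment.
    [string] $BackupDir = "$env:SystemDrive\FSSO-backup"
)

$regPath = 'HKLM\SOFTWARE\Fortinet\FSAE\dcagent\ca'    # path given in the article
$psPath  = 'HKLM:\SOFTWARE\Fortinet\FSAE\dcagent\ca'   # same key via the PowerShell registry provider

if (-not (Test-Path -LiteralPath $psPath)) {
    throw "Key $regPath not found. Is the DC agent installed on this server?"
}

# List what is actually configured before touching anything.
$present = @(Get-ChildItem -LiteralPath $psPath | ForEach-Object { $_.PSChildName })
Write-Host "Collector Agent keys found: $($present -join ', ')"

# Refuse to delete the old entry unless the new one is already present,
# otherwise the DC agent would have no Collector Agent left to send logon events to.
if ($present -notcontains $NewCollectorKey) {
    throw "New Collector Agent key '$NewCollectorKey' is not present. Aborting."
}
if ($present -notcontains $OldCollectorKey) {
    throw "Old Collector Agent key '$OldCollectorKey' is not present. Nothing to remove."
}

# Step 3a: back up (export) the whole 'ca' key to a timestamped .reg file.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "dcagent-ca-$env:COMPUTERNAME-$stamp.reg"
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Export to $backup failed. Old key was NOT deleted."
}
Write-Host "Backup written to $backup"

# Step 3b: delete only the old Collector Agent's key (prompts unless -Confirm:`$false is given).
$target = "$psPath\$OldCollectorKey"
if ($PSCmdlet.ShouldProcess($target, 'Delete registry key')) {
    Remove-Item -LiteralPath $target -Recurse
    Write-Host "Removed $target"
}
```

Run it with `-WhatIf` first to see which key would be removed; the exported `.reg` file can be re-imported with regedit if the change needs to be rolled back.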


Related KB articles:
Technical Tip: FSSO Collector agent redundancy with two Windows AD and two Fortinet DC Agents
Technical Tip: How to export and restore Collector Agent configuration
Technical Tip: Upgrading FSSO Agents