FortiAnalyzer
heng
Staff
Article Id 190223
Description
This article describes the criteria under which FortiGate HA members are automatically grouped under the same device in FortiAnalyzer.

It also applies to a FortiManager that has the FortiAnalyzer feature enabled.

When multiple FortiGate HA clusters send logs to the FortiAnalyzer, consider which configuration attributes on the FortiGate cause units to be auto-grouped under the same unit name.
In the following example, FortiGate#3 and FortiGate#4 are auto-grouped under the same device name 'FW1'.

Even if a member is deleted from the unit, it is added back under the same device repeatedly as long as the FortiGate keeps sending logs.





When the FortiGate HA group name and the first 6 characters of the FortiGate serial number are both the same, all of those FortiGates are auto-grouped under a single HA cluster unit.
For example, FortiGate#3 and FortiGate#4 below are auto-grouped into the existing unit because they match the criteria.

HA Group Name: HA_GROUP
FortiGate#1: FGT5HD0000000001
FortiGate#2: FGT5HD0000000002
FortiGate#3: FGT5HD0000000003
FortiGate#4: FGT5HD0000000004
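
The grouping rule above, as an added example that is not part of the original article or Fortinet's own code: a Python check that flags separate clusters in an inventory which FortiAnalyzer would merge into one device because they share the HA group name and the 6-character serial prefix. The cluster labels, the last two inventory rows and the function names are assumptions made for illustration.

```python
from collections import defaultdict

PREFIX_LEN = 6  # per the article: first 6 characters of the serial number

# Constructed inventory: (serial, HA group name, cluster the admin intends).
# The first four serials and "HA_GROUP" come from the article; the cluster
# labels and the last two rows are constructed sample values.
INVENTORY = [
    ("FGT5HD0000000001", "HA_GROUP", "cluster-1"),
    ("FGT5HD0000000002", "HA_GROUP", "cluster-1"),
    ("FGT5HD0000000003", "HA_GROUP", "cluster-2"),
    ("FGT5HD0000000004", "HA_GROUP", "cluster-2"),
    ("FGT5HD0000000005", "HA_GROUP_B", "cluster-3"),  # same prefix, other group name
    ("FG100E0000000001", "HA_GROUP", "cluster-4"),    # same group name, other prefix
]


def grouping_key(serial, ha_group_name):
    """Key the article says decides auto-grouping: group name + serial prefix."""
    return (ha_group_name.strip(), serial.strip()[:PREFIX_LEN])


def find_merged_clusters(inventory):
    """Return {key: {intended_cluster: [serials]}} for every key that is
    shared by more than one intended cluster, i.e. clusters whose logs
    would land under a single device when auto-grouping is enabled."""
    by_key = defaultdict(lambda: defaultdict(list))
    for serial, group, cluster in inventory:
        by_key[grouping_key(serial, group)][cluster].append(serial.strip())
    return {
        key: {cluster: sorted(serials) for cluster, serials in clusters.items()}
        for key, clusters in by_key.items()
        if len(clusters) > 1
    }


if __name__ == "__main__":
    for (group, prefix), clusters in find_merged_clusters(INVENTORY).items():
        print(f"collision on group={group!r} prefix={prefix!r}:")
        for cluster, serials in clusters.items():
            print(f"  {cluster}: {', '.join(serials)}")
```

Each reported key means logs from the listed clusters would be attributed to one device, so either give each cluster its own HA group name or disable auto-grouping as described under Solution.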


Solution
To mitigate this issue, HA auto-grouping can be disabled under system global from the CLI as follows. It is enabled by default.
# config system global
   set ha-member-auto-grouping disable
end
