mkannan
Staff
Article Id 219808

Description

 

This article explains how to configure and troubleshoot issues with FortiAnalyzer HA.

 

Scope

 

FortiAnalyzer.

 

Solution

 

Prerequisites:

  • A Layer-2 connection between the Primary and Secondary FortiAnalyzer is mandatory, because the cluster communicates through the Cluster Virtual IP via VRRP.

  • If the Primary and Secondary FortiAnalyzer are in different locations, connect them via an MPLS link.

  • FortiAnalyzer HA uses VRRP for the floating IP of the cluster members.

  • Each FortiAnalyzer that will be part of the VRRP HA cluster must have a valid product license.

 

Sample Diagram with Port & IP Configuration:

[Diagram]

Note: The Virtual IP should be the same on both the Primary and Secondary devices.

 

On FortiAnalyzer-Primary device:

Go to System Settings -> HA and set Operation Mode to 'High Availability'.

[Screenshot]

 

 

Configure the following details:

Preferred Role: Primary.

Cluster Virtual IP:
          Interface: port1.
          IP Address: 10.109.21.123 (make sure this IP is not otherwise used in the network).

Cluster Settings:
          Peer IP: 10.123.5.198 (Secondary FortiAnalyzer IP address).
          Peer SN: FAZVMXXXXXX (Secondary FortiAnalyzer serial number).

Group Name: HA (any name can be given, but it must be the same on Primary and Secondary).
Group ID: 9 (any number from 1 to 255; must be the same on Primary and Secondary).
Password: Fortinet@123 (any password can be given, but it must be the same on Primary and Secondary).
Heartbeat Interval: 1.
Priority: 120 (the device with the higher value becomes the Primary).
Log Data Sync: enable the toggle option.

[Screenshot]

 

 

On FortiAnalyzer-Secondary device:

Go to System Settings -> HA and set Operation Mode to 'High Availability'.

[Screenshot]

Configure the following details:

Preferred Role: Secondary.

Cluster Virtual IP:
          Interface: port1.
          IP Address: 10.109.21.123 (same Virtual IP as on the Primary; make sure this IP is not otherwise used in the network).

Cluster Settings:
          Peer IP: 10.123.5.189 (Primary FortiAnalyzer IP address; on the Secondary, the peer is the Primary).
          Peer SN: FAZVMXXXXXX (Primary FortiAnalyzer serial number).

Group Name: HA (any name can be given, but it must be the same on Primary and Secondary).
Group ID: 9 (any number from 1 to 255; must be the same on Primary and Secondary).
Password: Fortinet@123 (any password can be given, but it must be the same on Primary and Secondary).
Heartbeat Interval: 1.
Priority: 100 (the device with the lower value becomes the Secondary).
Log Data Sync: enable the toggle option.
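A pre-flight consistency check for the two HA forms above, added here as an example (not Fortinet code). It encodes the rules this article states: the shared fields must match on both units, the Group ID is 1-255, the Virtual IP must be a free address, each unit's Peer IP and Peer SN must describe the other unit, and the higher priority belongs to the Primary. Each unit's own IP is taken from the other unit's Peer IP entry, and the serial numbers are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HaMember:
    role: str           # preferred role: "Primary" or "Secondary"
    own_ip: str         # this unit's own port IP (taken from the other unit's Peer IP entry)
    own_sn: str         # this unit's serial number (constructed placeholder)
    vip: str            # cluster virtual IP, the VRRP floating address
    vip_interface: str
    peer_ip: str
    peer_sn: str
    group_name: str
    group_id: int
    password: str
    hb_interval: int
    priority: int
    log_sync: bool

# Values the article says must be identical on Primary and Secondary.
SHARED = ("group_name", "group_id", "password", "vip", "vip_interface", "hb_interval")

def check_ha_pair(a: HaMember, b: HaMember) -> list:
    """Return configuration mismatches; an empty list means the pair is consistent."""
    problems = [f"{f} differs: {getattr(a, f)!r} vs {getattr(b, f)!r}"
                for f in SHARED if getattr(a, f) != getattr(b, f)]
    if not 1 <= a.group_id <= 255:
        problems.append(f"group_id {a.group_id} is outside 1-255")
    for me, other in ((a, b), (b, a)):  # each unit's peer fields must describe the other unit
        for f, want in (("peer_ip", other.own_ip), ("peer_sn", other.own_sn)):
            if getattr(me, f) != want:
                problems.append(f"{me.role}: {f} {getattr(me, f)} is not {other.role}'s {want}")
        if not me.log_sync:
            problems.append(f"{me.role}: Log Data Sync is disabled")
    if a.vip in (a.own_ip, b.own_ip):  # the VIP must be a free address, not a member's own IP
        problems.append(f"VIP {a.vip} collides with a member's own IP")
    if a.priority == b.priority:
        problems.append("priorities are equal; the Primary needs the higher value")
    elif (a if a.priority > b.priority else b).role != "Primary":
        problems.append("the unit with the higher priority is not the preferred Primary")
    return problems

def article_pair() -> tuple:
    """The two units from this article; own IPs and serial numbers are constructed placeholders."""
    common = dict(vip="10.109.21.123", vip_interface="port1", group_name="HA", group_id=9,
                  password="Fortinet@123", hb_interval=1, log_sync=True)
    primary = HaMember("Primary", "10.123.5.189", "FAZVM-PRI-PLACEHOLDER",
                       peer_ip="10.123.5.198", peer_sn="FAZVM-SEC-PLACEHOLDER", priority=120, **common)
    secondary = HaMember("Secondary", "10.123.5.198", "FAZVM-SEC-PLACEHOLDER",
                         peer_ip="10.123.5.189", peer_sn="FAZVM-PRI-PLACEHOLDER", priority=100, **common)
    return primary, secondary
```

Running `check_ha_pair(*article_pair())` on the values above returns an empty list; entering a unit's own address as its Peer IP, the easiest slip when copying the form between the two devices, is reported by name.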

 

[Screenshot]

 

 

After configuring the Primary and Secondary, the HA status can be seen in the GUI on both devices.

[Screenshots]

 

Troubleshooting Commands:

On Primary-FortiAnalyzer:

diag ha status

[Screenshot of output]

get system ha

[Screenshot of output]

On Secondary-FortiAnalyzer:

diag ha status

[Screenshot of output]

get system ha

[Screenshot of output]

Use these two commands to check the HA status and the configured values on each FortiAnalyzer.

 

Restart the Cluster Process and collect its debug output:

After checking the configuration settings, restart the clustering process on both the Primary and Secondary devices:

diagnose test application clusterd 1
diagnose test application clusterd 99

Also collect the cluster debug output on both the Primary and Secondary devices:

diagnose debug application clusterd 255
diagnose debug enable

[Screenshot of output]

 

Related Documents:

Setting up a FortiAnalyzer HA cluster

Technical Tip: How to configure FortiAnalyzer HA instance in Google Cloud Platform (GCP)