Technical Tip: Activate FortiCloud account in a FortiGate High Availability cluster.
Description
This article covers the registration of a cluster to allow the FortiGate Cluster to log to FortiCloud.
Scope
FortiGate.
Solution
To register a cluster of two or more FortiGates with FortiCloud, the following should be considered:
- To use the full functionality of FortiCloud for logging and reporting purposes, each cluster member requires its own FortiCloud license.
- All cluster members need to have the FortiCloud registration information so logging will continue in the event of a failover.
The following steps should be performed to ensure that a FortiGate cluster can log to FortiCloud without issue:
- Schedule downtime.
- Disconnect the cluster units.
- Ensure only one node is connected to the network at any one time to avoid a split-brain scenario.
- Connect each FortiGate in turn and input the FortiCloud registration, then register them with FortiCloud; repeat this with each cluster node separately.
- To register the unit: Go to the dashboard and select FortiCloud registration in the License widget.
- Once each cluster unit has been registered, reconnect the cluster and wait a few minutes for synchronization.
- Afterwards, verify on the master unit that the unit is registered with FortiCloud.
- Logs should now start to be seen for the master unit (and thus the entire cluster) in FortiCloud.
- The current logs for the cluster will be found in the FortiCloud device entry for the current master unit.
Note: If the cluster nodes are not disconnected during this procedure, it is possible that login information on one cluster node will be overwritten from another cluster node.
Note: FortiCloud does not detect if FortiGates are in a cluster; for this reason, each unit must be registered separately, and logs from each unit will be kept separately.
Note: FortiCloud does not detect if FortiGates are in a cluster; for this reason, each unit must be registered separately, and logs from each unit will be kept separately.
Note: In an HA cluster, all FortiGate devices must be licensed and registered with FortiCloud. If the secondary unit is unlicensed, manual updates and activation may fail.