Cable FortiAnalyzer directly to FG HA pair?

Question

We are installing a new HA pair of 501E's (v5.6) to replace some older FG's, and we're adding a FAZ 400E (v6.0) to the mix. No FAZ installed previously. I have one FAZ port on our mgmt VLAN and I can access it fine. I plan to use a separate FAZ port to receive the logging from the FG(s). Is there any way to cable the FAZ directly to the HA pair to receive logging? E.g., port10 on first 501E to FAZ port3 and port10 on second 501E to FAZ port4.

I don't see any internal switching capability in the FAZ to put two ports together with a single IP address. I don't see any layer 2 protocol options between FAZ & FG either. I don't have any other bright ideas. Has anyone attempted this with success?

If we use only one FAZ port then whatever switch module that port connects to is a single point of failure. All other devices of this significance in our network have redundant connections to different switch modules. We don't see the need for a 2nd FAZ as we will also be logging to the 501E internal disks and a separate syslog server too. I just want this cabling redundancy if the device design allows for it. Perhaps I should have thought of this before choosing the appliance over the VM license, but let's not dwell on that!

Thanks,

Fred

emnoc · Accepted Answer

I believe the hard appliance doesn't do LACP. Since the analyzer is NOT crucial for traffic flow I highly doubt FTNT will add this feature in. Open a Feature Request with sales and see what they say.

Ken Felix

ede_pfau · Answer

My 2 cents on that:Go for a single connection, and an intermediate switch.The passive cluster member gets the same FAZ IP address as the active member, always.I'd guess that a small sturdy, metal case 5- or 8-port switch won't die in the next years. Or partition an existing switch stack. The FAZ isn't redundant anyway. And doesn't need be, not as much as the FGTs.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded