Skip to main content
AtiT
AtiT
New Member
May 22, 2018
Question

FortiAnalyzer Cluster in 6.0

  • May 22, 2018
  • 2 replies
  • 13521 views

Hello,

Did anyone tried to configure the cluster feature on the FortiAnalyzer in 6.0 version?

 

I cannot get it work. Only it seems that the two FAZ 1000E are in the cluster for a few minutes and after that the HA cluster DOWN, cause=keepalive failure log appears. They are not in cluster anymore.

Also the hearbeat interval has to be set to 1, other number is not working.

 

Could anyone give me some hint how to get it work?

 

    2 replies

    mantaransingh_FTNT
    Staff
    mantaransingh_FTNT
    Staff
    May 22, 2018

    Hi AtiT

     

    If the keepalive failure messages are getting generated, can you please check if there is any packet loss between peer network.

     

    Can you also try disabling the INITIAL Sync on the Master device and then form HA.

     

    Regards

    Mantaran Singh

    Fortinet TAC

     

    AtiT
    AtiTAuthor
    New Member
    May 23, 2018

    Hello,

    Thank you for your help.

     

    I tried to replace the cables and I also connected the 2 FAZs directly but not helped.

    I disabled the Initial sync on the both units and I can see in the logs that the both units are in Master mode and they are not synced, HA connection down.

     

    Maybe the HA feature has to be licensed...?

    AtiT
    AtiTAuthor
    New Member
    May 24, 2018

    Hello,

    I turned off the two untis yestarday and today when I turned them on I could see tha cluster working with the config sync OK.

    So I tried to enable log sync but I was not able to do it from the GUI -> Uknown error.

    I did it from the CLI but the situation is the same, logs are not synced.

     

    virtualj
    virtualj
    New Member
    August 16, 2018

    Hello,

    what version of FAZ do you use? Did you try the new 6.0.2? Can you tell me what protocol is used to sync the logs between the FAZs? Are they compressed?

    The VRRP IP must be in the same L2 I think... It is not possible to do an L3/geographic cluster?

    I'm really interested to this feature... If it works! ;)

     

    Thank you.

     

    Regards.

    AtiT
    AtiTAuthor
    New Member
    August 21, 2018

    Hello,

    I had the two FAZ 1000E only for a little time and I have no possibility to test it now as they are in production with 5.6.4 OS.

    Probably the best way would be to ask for two eval licenses the Fortinet and test the feature in virtual environment.

    Terms & ConditionsAccessibility statement