Description |
Sometimes FortiAnalyzer may incorrectly show FortiGates in the same cluster. |
Scope | For version, 6.0.x, 6.2.x, 6.4.x,7.0.x, |
Solution |
When several FortiGates in a high-availability cluster are submitting logs to the FortiAnalyzer, the config attributes from the FortiGate should be auto-grouped under the same unit name.
config system ha set group-id 10 set group-name "LAB" set mode a-p set password set hbdev "internal1" 0 "internal2" 0 set session-pickup enable set link-failed-signal enable set ha-mgmt-status enable config ha-mgmt-interface edit 1 set interface "internal4" set gateway 192.168.229.6 next end set override disable set priority 142 end
Even if FortiGate is removed from the FortiAnalyzer, it will be added to the same unit again and again if the FortiGate(s) end is transmitting the log.
By default, FortiAnalyzer uses the HA group name configured on the FortiGates for determining which cluster to place them in.
Each FortiGate cluster must have a unique group name for auto-grouping.
To mitigate such issue, it is possible to disable HA auto grouping under the system global from the CLI as follows, it is enabled by default. config system global
Another mitigation step is giving a unique HA group name to each FortiGate cluster. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.