FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
singhl
Staff
Staff
Article Id 412502
Description

 

This article describes how to configure an HA cluster in AWS when EC2 instances are in a private network and do not have a public IP address or internet access.

 

Scope

 

FortiAnalyzer, AWS.

 

Solution

 

  1. Follow the first 7 steps from Technical Tip: Configuring FortiManager HA in AWS with VRRP and no internet access, as they are the same for FortiAnalyzer.
  2. Configure HA settings on both FortiAnalyzer instances. Make sure 'initial sync' is disabled for the instance intended to be primary and is enabled for the other.

 

Note:

 When the HA Cluster is formed, the secondary will perform a reboot and rebuild the log database. Wait for a few minutes.

 

faz_ha_setting.png

 

  1. Upload all the AWS Root CA certs to the Primary. Certificates can be downloaded from Amazontrust_repository. When HA failover happens, the private IP set as VIP will be transferred to the new primary FortiAnalyzer automatically.

 

Related document:

About FortiAnalyzer for AWS