| Description | This article describes the uses of FotiAnalyzer to help trigger failover when high CPU usage occurs. As known at this moment, there is no mechanism to trigger HA failover when during high CPU usage. |
| Scope | FortiGate and FortiAnalyzer with IOC license. |
| Solution |
On FortiGate site:
Step 1: Create trigger.
Choose webhook and provide a name:
URL for webhook is created and select 'OK':
Step 2: Create Action:
Step 3: create a stitch.
On the FortiAnalyzer site:
Step 1: Create an event handler for CPU usage under FortiSoC -> Event Handler and search for CPU:
'Right-click' 'Default-NOC-System-Events' and clone. Edit the cloned Event handler by enabling status, change meaningful name and remove all the rules except CPU:
Edit the CPU consumption detection, set the duration of the handler and change the CPU threshold:
Step 2: create Playbook. Before creating a playbook, make sure the connector is updated with the webhook created on the FortiGate:
Once the automation rule is there in Connector, go to playbook and create new playbook:
Select 'EVENT_TRIGGER':
Select '+' and set the basic event handler and choose the CPU usage handler created in step 1.
Select and drag the blue half circle for next action and choose FortiOS:
Give the Task name and set the playbook information and save the playbook:
Failover test. Step 1: Simulate the CPU to reach the threshold:
Step 2: Check the event handler trigger. After 5 minutes, the Event handler will triggered as FortiGate will generate performance statistics logs every 5minutes:
Step 3: make sure the playbook is run:
Step 4: Check the FortiGate failover. Now the 'FG2' is the master.
|
