Description
This article describes how, when HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, to send SNMP traps, and to connect to FortiSandbox or FortiCloud.
Scope
FortiGate: logging, management interface.
Solution
An HA management interface must be configured before HA-direct is enabled:
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interface
        edit <x>
            set interface <interface name>
            set gateway <xxx.xxx.xxx.xxx>
        next
    end
end
Afterwards, enable HA-direct globally:
config system ha
    set ha-direct enable
end
The default value of 'ha-direct' under the HA system configuration in the CLI is 'disable'. Instead of enabling it globally, HA-direct can also be enabled only for the features that need it. For example, for an SNMPv3 user:
config system snmp user
    edit snmpv3-user
        set ha-direct enable
    next
end
HA-direct can also be enabled per host for an SNMPv2 community:
config system snmp community
    edit 1
        config hosts
            edit 1
                set ha-direct enable
            next
        end
    next
end
Note:
- This setting alters the traffic flow. Enabling it may cause request timeouts because the FortiGate sends its response on a different interface (the HA management interface), from which the packet may not be routed back to the requester, so the request appears to go unanswered.
- If HA-direct is enabled for the syslog server, the FortiGate uses the MGMT interface to communicate with the syslog server, and it is then not possible to specify the source IP in the syslog configuration.
See Technical Tip: When 'ha-direct' is enabled, the 'source-ip' setting will not work on the syslog conf...
If the firewall is meant to run SNMP from the MGMT interface but should still send logs to the syslog server, enable HA-direct under the SNMP community configuration and leave it disabled under the HA settings. Otherwise, syslog traffic might not work.
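The configuration steps and the notes above translate into a few checks that can be run over a saved FortiOS configuration before it is pushed to a cluster: ha-direct set without an HA management interface, a syslog source-ip that the global ha-direct setting would silently ignore, and the places where ha-direct is enabled per feature. The small config parser and audit below are an added example, not Fortinet code; the sample configuration is constructed for the example, and the audit only implements the conditions stated in this article.

```python
# Constructed sample (not from a real device): ha-direct is set globally while
# a syslog source-ip is still configured, and one SNMP host also sets ha-direct.
SAMPLE_CONFIG = """config system ha
    set ha-mgmt-status enable
    set ha-direct enable
end
config log syslogd setting
    set source-ip 10.0.0.1
end
config system snmp community
    edit 1
        config hosts
            edit 1
                set ha-direct enable
            next
        end
    next
end
"""

def parse_fortios(text):
    """Parse FortiOS CLI text into {path_tuple: {setting: value}}."""
    stack, settings = [], []
    stack, settings = [], {}
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.startswith("config "):
            stack.append(("config", line[7:]))
        elif line.startswith("edit "):
            stack.append(("edit", line[5:].strip('"')))
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings.setdefault(tuple(n for _, n in stack), {})[key] = value.strip('"')
        elif line in ("next", "end"):
            # 'next' closes the current edit entry, 'end' the current config table,
            # so a block closed with 'end' but no 'next' still parses correctly.
            kind = "edit" if line == "next" else "config"
            while stack and stack.pop()[0] != kind:
                pass
    return settings

def audit_ha_direct(settings):
    """Flag the HA-direct conditions the article warns about."""
    findings, ha = [], settings.get(("system ha",), {})
    global_on = ha.get("ha-direct") == "enable"
    per_feature = [p for p, kv in settings.items()
                   if p != ("system ha",) and kv.get("ha-direct") == "enable"]
    if (global_on or per_feature) and ha.get("ha-mgmt-status") != "enable":
        findings.append("ha-direct is set but ha-mgmt-status is not enabled")
    if global_on:  # syslog then leaves via the HA management interface
        for p, kv in settings.items():
            if p[0].startswith("log syslogd") and kv.get("source-ip"):
                findings.append(f"{p[0]}: source-ip {kv['source-ip']} is ignored")
    findings += ["ha-direct per feature at " + " / ".join(p) for p in per_feature]
    return findings
```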