Help
FortiSIEM Discussions
gauravpawar
New Contributor II

Created on ‎01-27-2025 04:35 AM

Multi-Site HA Deployment Implementation in FortiSIEM 7.3.0

How can I achieve Multi-Site (Primary and Secondary)  HA Deployment with following 

3 Supervisors without DB

3 DB servers

3 Keepers

2 workers

with version 7.3.0 

Labels:
299
0 Kudos
1 Solution
FSM_FTNT
Staff
Staff

Created on ‎01-28-2025 12:51 PM

You can use the KVM hypervisor.

For the HA deployment, I would suggest that you start with the following. As you only have two workers and 3 super nodes, it is unlikely from a performance perspective you will need separate CMDB/DB nodes

3 Supervisors with DB

3 Keepers

2 workers

with version 7.3.0

View solution in original post

256
6 REPLIES 6
aebadi
Staff
Staff

Created on ‎01-27-2025 06:29 AM Edited on ‎01-27-2025 06:30 AM

Hello, Please look to our guide that goes over these setups: 
https://docs.fortinet.com/document/fortisiem/7.3.0/high-availability-and-disaster-recovery-procedure...

287
0 Kudos
gauravpawar
New Contributor II
In response to aebadi

Created on ‎01-27-2025 11:08 PM

Does KVM installation support this ?  

269
0 Kudos
FSM_FTNT
Staff
Staff

Created on ‎01-28-2025 12:51 PM

You can use the KVM hypervisor.

For the HA deployment, I would suggest that you start with the following. As you only have two workers and 3 super nodes, it is unlikely from a performance perspective you will need separate CMDB/DB nodes

3 Supervisors with DB

3 Keepers

2 workers

with version 7.3.0

257
gauravpawar
New Contributor II
In response to FSM_FTNT

Created on ‎01-28-2025 09:42 PM

@FSM_FTNT  thanks for the guidance, really appreciated   

242
0 Kudos
gauravpawar
New Contributor II
In response to FSM_FTNT

Created on ‎01-28-2025 10:25 PM

@FSM_FTNT I have one more question: Does the setup you suggested function as an automated HA? According to the documentation, "automated HA is supported for hardware appliances, ESX-based VMs, and AWS public cloud." Or will it follow the Leader/Follower Supervisor configuration, as seen in version 7.2.4? Additionally, if the Leader Supervisor goes down, do we need to manually run the script on the Follower node? Also, do we need to add a virtual IP in the DB cluster configuration for this?

236
0 Kudos
FSM_FTNT
Staff
Staff
In response to gauravpawar

Created on ‎01-29-2025 05:20 AM

you can think of it as two tiers:

1) FortiSIEM Super & CMDB
2) FortiSIEM ClickHouse.

Each tier provides its own resilient/HA capabilities.

At tier 1, the Supervisor level, you need 3 Super nodes, and you need to run version 7.3.0 or later for automated failover. Prior versions required a manual step to promote a Super node to a leader.

At tier 2, the ClickHouse level, you have the 2 replicas (if you lose one, data should be in the other, which also increases query performance) and the 3 keepers. The 3 keepers are important for failover as you need 3 for the quorum negotiation. If you lose one of the 3 keepers and one of the worker replicas, failover will be automatic.

215
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.