Hello,
Has anyone tried to configure the cluster feature on the FortiAnalyzer in version 6.0?
I cannot get it to work. It seems that the two FAZ 1000E are in the cluster only for a few minutes, and after that the "HA cluster DOWN, cause=keepalive failure" log appears. They are no longer in the cluster.
Also, the heartbeat interval has to be set to 1; any other number does not work.
Could anyone give me a hint on how to get it to work?
AtiT
Hi AtiT
If the keepalive failure messages are being generated, can you please check whether there is any packet loss on the network between the peers?
Can you also try disabling the INITIAL Sync on the Master device and then forming HA?
Regards
Mantaran Singh
Fortinet TAC
Hello,
Thank you for your help.
I tried replacing the cables and I also connected the two FAZs directly, but it did not help.
I disabled the Initial sync on both units, and I can see in the logs that both units are in Master mode and they are not synced: HA connection down.
Maybe the HA feature has to be licensed...?
AtiT
Hello,
I turned off the two units yesterday, and today when I turned them on I could see the cluster working with the config sync OK.
So I tried to enable log sync, but I was not able to do it from the GUI -> Unknown error.
I did it from the CLI, but the situation is the same: logs are not synced.
AtiT
Hello,
What version of FAZ do you use? Did you try the new 6.0.2? Can you tell me what protocol is used to sync the logs between the FAZs? Are they compressed?
The VRRP IP must be in the same L2, I think... Is it not possible to do an L3/geographic cluster?
I'm really interested in this feature... if it works! ;)
Thank you.
Regards.
NSE 7
Hello,
I had the two FAZ 1000E only for a short time, and I have no possibility to test it now, as they are in production with the 5.6.4 OS.
Probably the best way would be to ask Fortinet for two eval licenses and test the feature in a virtual environment.
AtiT
Good idea.
I've built two FAZ VMs and configured HA.
It seems that the cluster needs a shared L2 because it uses VRRP for the cluster IP (to be configured in the FortiGates).
But the cluster synchronization also works over a geographic L3 link (it requires only the IP of the other FAZ and its SN). The configuration sync is done on TCP port 5199, while log sync is done on TCP 514. It is encrypted, but I don't think it is compressed.
All seems functional and very beautiful! Hope it works well in production too :) The cluster has been up for 25 minutes; I have only one device connected and few logs.
NSE 7
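The two facts the thread establishes about FAZ HA (VRRP for the cluster IP, so both units must share an L2 segment with the VIP; config sync on TCP 5199 and log sync on TCP 514 between the peers) suggest a small pre-flight and triage script. The following is an added example, not code from Fortinet or from the posters. The port numbers and the VRRP L2 requirement come from the post above; the sample log lines are constructed, modelled on the "HA cluster DOWN, cause=keepalive failure" message quoted earlier in the thread, and the addresses are documentation ranges chosen for illustration.

```python
"""Pre-flight and log-triage helpers for a two-node FortiAnalyzer HA pair.

Added example; not Fortinet code. Assumes, as reported in the thread:
config sync on TCP 5199, log sync on TCP 514, and a VRRP cluster IP that
both peers must reach on one L2 segment. Addresses and log lines below
are constructed for illustration.
"""
import ipaddress
import re
import socket

CONFIG_SYNC_PORT = 5199   # configuration sync port reported in the thread
LOG_SYNC_PORT = 514       # log sync port reported in the thread


def vrrp_vip_shares_segment(vip, peer_ips, prefixlen):
    """True when the cluster VIP and every peer address lie in one subnet.

    VRRP advertisements stay on the local L2 segment, so a VIP that is not
    in the same subnet as both peers cannot fail over between them. Run
    this before blaming cabling or the heartbeat interval.
    """
    net = ipaddress.ip_network(f"{vip}/{prefixlen}", strict=False)
    return all(ipaddress.ip_address(p) in net for p in peer_ips)


def tcp_reachable(host, port, timeout=2.0):
    """TCP connect probe; False on refusal or timeout. Needs live peers."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def peer_sync_ports_reachable(peer_ip, timeout=2.0):
    """Probe both sync ports on a peer; a closed 5199 explains a config
    sync failure, a closed 514 explains logs not syncing."""
    return {port: tcp_reachable(peer_ip, port, timeout)
            for port in (CONFIG_SYNC_PORT, LOG_SYNC_PORT)}


# Matches an HA state line and an optional cause, e.g.
# "... HA cluster DOWN, cause=keepalive failure"
_HA_LINE = re.compile(
    r"HA cluster (?P<state>UP|DOWN)(?:, cause=(?P<cause>[^,]+))?")


def ha_flaps(log_lines):
    """Count transitions into DOWN and tally their causes.

    Returns (flap_count, {cause: count}). A pair that drops with
    cause=keepalive failure every few minutes is losing heartbeats,
    which points at loss or filtering on the link between the peers.
    """
    flaps = 0
    causes = {}
    last = None
    for line in log_lines:
        m = _HA_LINE.search(line)
        if not m:
            continue
        state = m.group("state")
        if state == "DOWN" and last != "DOWN":
            flaps += 1
            cause = (m.group("cause") or "unknown").strip()
            causes[cause] = causes.get(cause, 0) + 1
        last = state
    return flaps, causes


# Constructed sample, modelled on the message quoted in the thread.
SAMPLE_LOG = [
    "2018-07-10 09:00:01 ha: HA cluster UP",
    "2018-07-10 09:03:12 ha: HA cluster DOWN, cause=keepalive failure",
    "2018-07-10 09:03:40 ha: HA cluster UP",
    "2018-07-10 09:07:55 ha: HA cluster DOWN, cause=keepalive failure",
    "2018-07-10 09:08:00 ha: config sync OK",
]

if __name__ == "__main__":
    vip, peers = "192.0.2.10", ["192.0.2.11", "192.0.2.12"]
    print("VIP on peers' L2 segment:",
          vrrp_vip_shares_segment(vip, peers, 24))
    print("HA flaps in sample log:", ha_flaps(SAMPLE_LOG))
    # Live probe only makes sense with real peers on the network:
    # print(peer_sync_ports_reachable(peers[1]))
```

Run the VIP check with the real VIP, peer addresses and prefix length first; only if that passes is it worth probing 5199 and 514 from one peer toward the other and counting keepalive-caused flaps in the event log.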
Copyright 2024 Fortinet, Inc. All Rights Reserved.