Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Forti_Newbie
New Contributor

Machine Learning in active-active HA FortiWeb

Good Day!

I have four appliances FortiWeb (6.3.19) working in Standard Active-Active HA and I want to configure Machine Learning as additional security mechanism. Admin guide has one weird limitation "Machine learning is not fully supported when FortiWeb is deployed in active-active HA mode. It doesn't work on the secondary node; On the primary node, it works but not always stable, for example, after system reboot or HA role switch, the machine learning may stop working.". I understand correctly that ML will work only on Master role appliance and traffic that routes via secondary appliances will not analyze?
https://docs.fortinet.com/document/fortiweb/6.3.19/administration-guide/193258/machine-learning

 

I didn't find any information about this limitation for v.6.4.2 release. Do you known may be it was fixed there?

2 REPLIES 2
amouawad
Staff
Staff

Not sure about 6.4, but I know that 7.0 supports machine learning in HA but depends on what type of HA you configure.

 

From the admin guide: https://docs.fortinet.com/document/fortiweb/7.0.1/administration-guide/435480/synchronization

 

Machine learning data—Machine learning database is synchronized from the primary node to the secondary node in Active-Passive mode. The data is synchronized every 10 minutes.
In Active-Active mode, only machine learning Anomaly Detection database is synchronized. Bot Detection and API Protection database is not synchronized

Forti_Newbie

I understand correctly that secondary nodes in cluster just synchronize Anomaly Detection database from Master? Do they have independent ML process and sample collection?

Labels
Top Kudoed Authors