FortiAnalyzer: Replacing FortiGate HA Pairs with Logging Enabled

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

This recipe describes how to replace the primary and secondary FortiGate units in a high-availability (HA) pair, that are sending logs to FortiAnalyzer, when the connection to FortiAnalyzer goes down.

When the FortiGate units in an HA pair are synchronized and added to FortiAnalyzer, two members are displayed in the HA Cluster list in FortiAnalyzer.

In this example, FGT 60D4614007024 is the primary unit, but the connection to FortiAnalyzer is down.

To Replace the Primary Unit:

In FortiAnalyzer, do not delete the original primary FortiGate unit; if you do, you will lose logs associated with the device being replaced. Instead, add the new primary FortiGate unit to the HA Cluster list.

You can delete the original primary FortiGate unit at a later time, when the logs are no longer needed.

The FortiAnalyzer GUI displays three units in the HA Cluster List. It appears that the original FortiGate unit remains the primary unit in the HA cluster.

However, the new primary FortiGate unit in the HA cluster informs FortiAnalyzer which of the three units is the master.

If you would like to see the new primary FortiGate unit as the current device, change the device name in FortiAnalyzer. If the unit being replaced was the original master, the cluster’s device name may show the serial # of this device. If you wish, you can edit the cluster to reflect the serial # of the new device.

The process is the same if you want to replace the secondary unit in an HA pair.

 

  • Was this helpful?
  • Yes   No