Overview
High Availability (HA) and Disaster Recovery (DR) are critical components for ensuring that your FortiSOAR environment remains resilient and operational even under adverse conditions. FortiSOAR provides a comprehensive clustering solution using HA clusters, ensuring data replication and system availability.
High Availability and Disaster Recovery Support in FortiSOAR
FortiSOAR allows you to achieve high availability by creating HA clusters consisting of multiple nodes. The primary node is active, while the remaining nodes can be either active or passive depending on the configuration.
Types of High Availability Supported
FortiSOAR supports two main configurations of HA:
- Active-Active: In this setup, multiple nodes actively handle requests, ensuring load balancing and high scalability. A proxy or load balancer should be used to evenly distribute the loads.
- Active-Passive: Here, one or more passive nodes are in standby, ready to take over if the primary node fails.
Configuring High Availability
To configure high availability with an internal PostgreSQL database, follow these steps:
- Ensure all prerequisites are met, such as version consistency across nodes and DNS resolvability.
- Use the FortiSOAR Admin CLI (csadm) to run the command:
- Configure the primary node and then add secondary nodes as follows:
# csadm ha
# csadm ha join-cluster --status--role secondary --primary-node
Steps for Externalized PostgreSQL Database
If using an external PostgreSQL database, follow these additional steps:
- Externalize the PostgreSQL database for the primary node.
- Ensure the secondary nodes hostnames are added to the allowlist.
- Create the cluster by following internal database HA steps.
Performing a Takeover
To perform a takeover when the active primary node is down:
- Run the command on the secondary node intended to become the primary:
# csadm ha takeover
# csadm ha join-cluster
Viewing and Updating Licenses
To update licenses for an HA cluster, use the following steps:
- Navigate to the License Manager page.
- Click ‘Update License’ for the respective node and upload the new license.
- Ensure licenses are not duplicated across environments to avoid FortiSOAR UI blockages.
Monitoring and Health Checks
Configuring system and cluster health monitoring is essential. HA heartbeat packets are exchanged among nodes to monitor statuses, and notifications are generated if any node encounters issues.
To configure monitoring:
- Go to System Configuration > General > System & Cluster Health Monitoring > Cluster Health Section.
- Enable monitoring of heartbeats for the desired nodes.
Conclusion
Configuring High Availability and Disaster Recovery in FortiSOAR ensures that your system remains operational and performant even in the face of failures. Following the above steps and regularly monitoring the health of your HA cluster will help maintain system reliability and data integrity.
For more detailed instructions, visit the official FortiSOAR documentation.