Configuring High Availability and Disaster Recovery in FortiSOAR

发布于 / 英文文章 / 0 条评论

Overview

High Availability (HA) and Disaster Recovery (DR) are critical components for ensuring that your FortiSOAR environment remains resilient and operational even under adverse conditions. FortiSOAR provides a comprehensive clustering solution using HA clusters, ensuring data replication and system availability.

High Availability and Disaster Recovery Support in FortiSOAR

FortiSOAR allows you to achieve high availability by creating HA clusters consisting of multiple nodes. The primary node is active, while the remaining nodes can be either active or passive depending on the configuration.

Types of High Availability Supported

FortiSOAR supports two main configurations of HA:

  • Active-Active: In this setup, multiple nodes actively handle requests, ensuring load balancing and high scalability. A proxy or load balancer should be used to evenly distribute the loads.
  • Active-Passive: Here, one or more passive nodes are in standby, ready to take over if the primary node fails.

Configuring High Availability

To configure high availability with an internal PostgreSQL database, follow these steps:

  1. Ensure all prerequisites are met, such as version consistency across nodes and DNS resolvability.
  2. Use the FortiSOAR Admin CLI (csadm) to run the command:
  3. # csadm ha
  4. Configure the primary node and then add secondary nodes as follows:
  5. # csadm ha join-cluster --status  --role secondary --primary-node 

Steps for Externalized PostgreSQL Database

If using an external PostgreSQL database, follow these additional steps:

  1. Externalize the PostgreSQL database for the primary node.
  2. Ensure the secondary nodes hostnames are added to the allowlist.
  3. Create the cluster by following internal database HA steps.

Performing a Takeover

To perform a takeover when the active primary node is down:

  • Run the command on the secondary node intended to become the primary:
# csadm ha takeover
  • If prompted, ensure other nodes join back the cluster or reconfigure them manually using:
  • # csadm ha join-cluster

    Viewing and Updating Licenses

    To update licenses for an HA cluster, use the following steps:

    1. Navigate to the License Manager page.
    2. Click ‘Update License’ for the respective node and upload the new license.
    3. Ensure licenses are not duplicated across environments to avoid FortiSOAR UI blockages.

    Monitoring and Health Checks

    Configuring system and cluster health monitoring is essential. HA heartbeat packets are exchanged among nodes to monitor statuses, and notifications are generated if any node encounters issues.

    To configure monitoring:

    • Go to System Configuration > General > System & Cluster Health Monitoring > Cluster Health Section.
    • Enable monitoring of heartbeats for the desired nodes.

    Conclusion

    Configuring High Availability and Disaster Recovery in FortiSOAR ensures that your system remains operational and performant even in the face of failures. Following the above steps and regularly monitoring the health of your HA cluster will help maintain system reliability and data integrity.

    For more detailed instructions, visit the official FortiSOAR documentation.

    转载原创文章请注明,转载自: Pikachu Hacker » Configuring High Availability and Disaster Recovery in FortiSOAR
    Not Comment Found