Logmanager with High Availability
Requirements:
- Logmanager servers set up in master-slave mode,
- Supported network router.
The router checks the availability of the Logmanager master server (IP address 192.168.0.20 - Logmanager-1-PRIMARY). If it finds that the address is not available, it redirects the traffic to the Logmanager slave server (IP address 192.168.0.21 - Logmanager-1-SECONDARY). The virtual IP address (100.127.151.254) remains available for logs. As soon as the Logmanager master server is available again, traffic is redirected back to the original Logmanager master server.
In the menu Network ‣ IP addresses, add the same virtual IP address for both Logmanager servers.
The image shows the IP address of the master server, 192.168.0.20. Address 100.127.151.254 is the virtual address and it is the same for both Logmanager servers.
In the menu Network ‣ Routes, set the IP address of the default gateway.
In the menu Network ‣ IP addresses, add the same virtual IP address for both Logmanager servers.
The image shows the IP address of the slave server, 192.168.0.21. Address 100.127.151.254 is the virtual address and it is the same for both Logmanager servers.
In the menu Network ‣ Routes, set the IP address of the default gateway.
Both Logmanager servers have the same secondary IP address (in this case 100.127.151.254/30), so access to the Logmanager is shared by both.
Fortigate decides, based on availability, which Logmanager the traffic is forwarded to:
- If both Logmanager servers are available, Fortigate forwards traffic to the Logmanager that has the lower priority in the routing table.
- In case of an outage of the master Logmanager, Fortigate redirects the traffic to the slave Logmanager.
- As soon as the Logmanager master is available again, it becomes primary again.
    config router static
        edit 2
            set dst "<Logmanager_virtual_IP_address>" 255.255.255.255
            set gateway "<Logmanager_master_IP_address>"
            set device "internal"
            set comment "LM-1"
        next
        edit 3
            set dst "<Logmanager_virtual_IP_address>" 255.255.255.255
            set gateway "<Logmanager_slave_IP_address>"
            set distance 100
            set device "internal"
            set comment "LM-2"
        next
    end

Logmanager_master_IP_address is the IP address of your Logmanager master server.
Logmanager_slave_IP_address is the IP address of your Logmanager slave server.
Logmanager_virtual_IP_address is the virtual IP address of your Logmanager servers.
    config system link-monitor
        edit "LM-primar"
            set srcintf "internal"
            set server "<Logmanager_master_IP_address>"
            set protocol ping
            set gateway-ip "<Logmanager_master_IP_address>"
            set source-ip 0.0.0.0
            set interval 5
            set timeout 1
            set failtime 5
            set recoverytime 5
            set ha-priority 1
            set update-cascade-interface disable
            set update-static-route enable
            set status enable
        next
        edit "LM-backup"
            set srcintf "internal"
            set server "<Logmanager_slave_IP_address>"
            set protocol ping
            set gateway-ip "<Logmanager_slave_IP_address>"
            set source-ip 0.0.0.0
            set interval 5
            set timeout 1
            set failtime 5
            set recoverytime 5
            set ha-priority 1
            set update-cascade-interface disable
            set update-static-route enable
            set status enable
        next
    end

Logmanager_master_IP_address is the IP address of your Logmanager master server.
Logmanager_slave_IP_address is the IP address of your Logmanager slave server.
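The failover and failback that the two static routes and the two link-monitor entries above produce can be stepped through offline. The following Python model is an added example, not Logmanager or Fortinet code; it assumes that a monitor marks its server down after failtime consecutive failed probes and up again after recoverytime consecutive replies, that a down monitor withdraws the matching static route, and that route "edit 2" has distance 10 (the page sets no distance on it). The probe sequence is constructed.

```python
from dataclasses import dataclass

@dataclass
class Monitor:
    """Hysteresis of one link-monitor entry (failtime/recoverytime as on the page)."""
    failtime: int = 5
    recoverytime: int = 5
    alive: bool = True
    streak: int = 0  # consecutive probe results that contradict `alive`

    def probe(self, reply: bool) -> bool:
        if reply == self.alive:
            self.streak = 0
        else:
            self.streak += 1
            limit = self.recoverytime if reply else self.failtime
            if self.streak >= limit:
                self.alive, self.streak = reply, 0
        return self.alive

# (gateway, distance); 10 for the master route is an assumption, 100 is from "edit 3"
ROUTES = [("master", 10), ("slave", 100)]

def simulate(master_replies, slave_replies):
    """Per probe round, the gateway the virtual IP is routed to (None = no route)."""
    monitors = {"master": Monitor(), "slave": Monitor()}
    replies = {"master": master_replies, "slave": slave_replies}
    timeline = []
    for i in range(len(master_replies)):
        usable = [(dist, gw) for gw, dist in ROUTES if monitors[gw].probe(replies[gw][i])]
        timeline.append(min(usable)[1] if usable else None)  # lowest distance wins
    return timeline

def lost_rounds(timeline, master_replies, slave_replies):
    """Rounds in which the route is missing or points at a server that is not answering."""
    up = {"master": master_replies, "slave": slave_replies}
    return sum(1 for i, gw in enumerate(timeline) if gw is None or not up[gw][i])

# Constructed scenario: master answers 3 probes, is down for 12, then is back for 10.
MASTER = [True] * 3 + [False] * 12 + [True] * 10
SLAVE = [True] * len(MASTER)
TIMELINE = simulate(MASTER, SLAVE)

if __name__ == "__main__":
    for i, gw in enumerate(TIMELINE):
        print(i, "master up" if MASTER[i] else "master DOWN", "->", gw)
    print("rounds routed to a dead server:", lost_rounds(TIMELINE, MASTER, SLAVE))
```

In this scenario the virtual IP keeps pointing at the unreachable master for four probe rounds before the route is withdrawn, so anything sent to the virtual IP in that window is received by neither server. Failback is delayed in the same way, but the slave is still answering during that delay.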
Both Logmanager servers have the same secondary IP address (in this case 100.127.151.254/30), so access to the Logmanager is shared by both.
    interface Vlan700
     ! LAN for Logmanager servers
     ip address 192.168.0.1 255.255.255.0
    end

    ip sla 1
     ! ICMP Echo Operation
     icmp-echo "<Logmanager_master_IP_address>" source-interface Vlan700
     ! Timeout in milliseconds
     timeout 1000
     ! Millisecond threshold value
     threshold 2
     ! Frequency in seconds (default 60)
     frequency 3

Logmanager_master_IP_address is the IP address of your Logmanager master server.

    ! IP SLAs Entry Scheduling
    ip sla schedule 1 life forever start-time now
    ! Response Time Reporter (RTR) entry
    track 1 rtr 1 reachability
    ! Install route depending on tracked item
    ip route "<Logmanager_virtual_IP_address>" 255.255.255.255 "<Logmanager_master_IP_address>" track 1
    ip route "<Logmanager_virtual_IP_address>" 255.255.255.255 "<Logmanager_slave_IP_address>" 10

Logmanager_master_IP_address is the IP address of your Logmanager master server.
Logmanager_slave_IP_address is the IP address of your Logmanager slave server.
Logmanager_virtual_IP_address is the virtual IP address of your Logmanager servers.
These network connection settings are required for cluster mode to work properly. For the cluster configuration, see Cluster.