GCP Collector Deployments

This Case covers the situation where your Collectors are deployed on GCP.

To use the Collector HA feature with GCP, after configuring your collectors, you will need to create an instance group, create a load balancer, and apply the instance group, check and configure the load balancer so FortiSIEM can monitor and report the load balancer's health status. The final step is to add the load balancer to your FortiSIEM configuration so High Availability is achieved via load balancing mechanisms.

During normal operations:

  • Logs sent to the Load Balancer are distributed among the Collectors in the Cluster.

  • FortiSIEM Supervisor node distributes event pulling and performance monitoring jobs among all Collectors in the Cluster.

  • Job distribution is handled via Round Robin.

If a Collector goes down, then:

  • Load Balancer will skip the failed Collector and distribute logs among other Collectors.

  • FortiSIEM Supervisor node will automatically re-distribute event pulling and performance monitoring jobs previously assigned to the failed Collector, to other Collectors in the Cluster.

Step 1 - Configure Collectors

Configure Collectors as normal.

Step 2 - Create Instance Group

  1. Go to the Instance Group page - https://console.cloud.google.com/compute/instanceGroups?_ga=2.213011796.1727950196.1712175609-895679178.1667947390
  2. Click CREATE INSTANCE GROUP.
  3. In the left pane, select New unmanaged instance group.
  4. In the Name field, enter a name for the instance group.
  5. From the Location drop-down list, select a region.

  6. From the Zone drop-down list, select a zone.
  7. From the Network drop-down list, select default.
  8. From the Subnetwork drop-down list, select default.
  9. From the VM instances drop-down list, select the collectors you wish to include as part of your Collector HA group.
  10. Under Port mapping, click + ADD PORT.
  11. In the Port name 1 field, enter a name for the port.
  12. In the Port numbers 1 field, confirm "514" appears. If it isn't, input 514.
  13. Click CREATE.



Your Instance Group is now created, and you can go to the next step to create a load balancer.

Step 3 - Create Load Balancer

Reference: https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple#load-balancer

To create a load balancer, take the following steps.

  1. Use https://console.cloud.google.com/net-services/loadbalancing/list?_ga=2.221907288.1727950196.1712175609-895679178.1667947390.

    or

    Navigate to Network services > Load balancing .
  2. Click +CREATE LOAD BALANCER.
  3. Under Type of load balancer, select Network Load Balancer (TCP/UDP/SSL), then click NEXT.

  4. Under Proxy or passthrough, select Passthrough load balancer, and click NEXT.

  5. Under Public facing or internal, select Public facing (external) and click NEXT.

  6. Click CONFIGURE.



  7. In the Load Balancer name field, enter a name for the load balancer.
  8. From the Region drop-down list, select a region.

  9. From the Backend configuration column, take the following steps.
    1. From the Protocol drop-down list, select L3 (Multiple protocols).
    2. From the Instance group drop-down list, select the instance group you created in Create Instance Group, and click DONE.

    3. Click the Health check drop-down list.
    4. Click CREATE A HEALTH CHECK.
    5. From the Health Check window, take the following steps.
      1. In the Name field, enter a name for the health check.
      2. From the Protocol drop-down list, select TCP.
      3. In the Port field, enter "514".
      4. Click SAVE.



  10. Select Frontend configuration.
    1. From the Protocol drop-down list, select L3 (Multiple protocols).
    2. Click DONE.

  11. Click Review and finalize. You can review your configuration.
  12. Click CREATE.

Step 4 - Check Load Balancer

Select your load balancer and confirm whether Collectors can receive data from Load balancer external IP. This IP address is displayed under the IP:Port column in the Frontend table. This is also the IP address you will need to use when configuring Collector HA in FortiSIEM.

Step 5 - Configure Load Balancer to Report Health Status

  1. Go to your VM instances, using https://console.cloud.google.com/compute/instances?_ga=2.191581290.1727950196.1712175609-895679178.1667947390/.
  2. Select a Collector instance that you intend to use as part of your HA Collector group.
  3. Shut down the instance, then click EDIT.
    Note: The instance must be shut down in order to edit.

  4. Navigate to Access scopes, and locate Compute Engine.
  5. From the Compute Engine drop-down list, select Read Only.

  6. Click SAVE.
  7. Repeat steps 2-6 for any additional collectors that are part of your load balancer.
    After all your collectors have Compute Engine configured to Read Only, your load balancer is now ready to report its health status.
  8. Go to Configure Collector HA Via Load Balancer for FortiSIEM configuration.

Step 6 - Configure Collector HA Group Via Load Balancer

To create a new Collector High Availability configuration, take the following steps:

  1. Navigate to ADMIN > Settings > System > Cluster Config.
  2. Under Collector High Availability, click New. The Create Collector HA Group window appears. Take the following steps.
    1. From the Organization drop-down list, select your Organization.
    2. In the Group Name field, enter the name of your Collector group.
    3. From HA Via, select Load Balancer.
    4. From the Collectors drop-down list, select the Collectors to include in the group.
      Note: The available Collectors displayed are those from the same Organization selected earlier.
    5. In the Load Balancer IP field, enter the Load Balancer frontend IP address.
    6. Click Test to confirm it is working correctly. If it succeeds, proceed to the next step.
  3. Click Save.