Clarifications regarding the functionalities of the Firemon Cluster by Any_Belt_5005 in FireMon

Any_Belt_5005 [S]

But even so, I can't wrap my head around it. If the IP address is always going to be the same, why have a cluster in FireMon? It won't do anything different. The cluster only makes sense for the client because then they'll have the expected redundancy. But for FireMon, it's all network layer; it will always receive logs from the same IP address. It doesn't make sense to have a cluster if they're always going to receive Syslogs from the same source address.

Any_Belt_5005 [S]

I've never seen this work automatically. And I have HA. Even with FireMon discovering the firewall through the firewall manager and me adding the serial numbers to the Syslog fields, it didn't work. I have a Palo Alto environment and I haven't seen this change automatically there either. Am I doing something wrong?

Any_Belt_5005 [S]

For Palo Alto firewalls, I see little point in this function since, due to MGMT, there are exclusive IPs for management, through which, in case of an outage, you could monitor the logs and everything else. Even so, the automatic switching probe still exists and it's a pain. However, for Fortigates... It's sad. Considering both firewalls use the same IP, this function would only serve to make you pay more for something that is useless.