topic MNT nodes failover question in Network Access Control

MNT nodes failover question

alyautdinov — Mon, 23 Nov 2020 09:58:21 GMT

Hi Team,

As far as I understood logs between MNT nodes are not synchronized. They work as active/active. All nodes in the deployment send logs to MNT nodes simultaneously. When Primary MNT goes down PAN switches to Secondary MNT and reads logs from it. Now only Secondary MNT receives logs and when Primary MNT goes up PAN switches back to Primary MNT automatically and does not see logs that happened when Primary MNT was down. The only solution to keep the log database identical is to backup operational data from Secondary MNT (with full logs) and restores it to Primary MNT. But restoring operational data causes stop services on the Primary MNT node so it will miss logs again during the restore. So what the way to keep the log database identical on the MNT nodes?

Re: MNT nodes failover question

Mohammed al Baqari — Mon, 23 Nov 2020 09:05:28 GMT

Hi,

Why do you want to restore MNT logs on other nodes. PAN will have full
visibility on all MNT nodes and parse their logs. What are you trying to
achieve with this?

**** please remember to rate useful posts

Re: MNT nodes failover question

alyautdinov — Mon, 23 Nov 2020 09:56:07 GMT

Hi,

I do not want to restore MNT logs on the other nodes only between Primary and Secondary MNT nodes to keep the log database identical.

From the book SISE 300-715:

"Upon an MnT failure, all nodes continue to send logs to the remaining MnT node so that no logs are lost. The PAN retrieves all logs and reports data from the secondary MnT node, so there is no administrative function loss, either. However, the log database is not synchronized between the primary and secondary MnT nodes; therefore, when the MnT node returns to service, a backup and restore of the monitoring node is required to keep the two MnT nodes in complete synchronization."