29 Questions
Which protocol do the FortiGate VMs use to communicate with each other in the FortiGate Active-Passive HA deployment?
FGCP H-A
Which deployment option is the preferred one due to its faster failover time and easier management?
FortiGate Active-Passive HA with ELB/ILB
What is the purpose of the Azure load balancer in the FortiGate Active-Passive HA deployment?
To handle traffic failover using health probes
What is the main difference between the FortiGate Active-Passive HA and FortiGate Active-Active Load Balanced deployments?
The number of FortiGate VMs deployed
What is the purpose of UDRs in the FortiGate deployments?
To customize which traffic needs inspection
What role must be applied to the Azure Subscription after deploying the FortiGate VMs?
Reader
What is the purpose of the SDN fabric connector in the FortiGate deployments?
To communicate with the Azure fabric
What is the recommended configuration to avoid asymmetric routing in the FortiGate deployments?
Configuring S-NAT
What is the purpose of the internal Azure standard load balancer in the FortiGate Active-Passive HA deployment?
To receive all internal traffic and forward it to its destination
What is the purpose of the external Azure standard load balancer in the FortiGate Active-Passive HA deployment?
To communicate with the internet
Which feature of FortiGate allows for automatic scaling of FortiGate-VM instances in response to high workloads?
Config-sync
What is the purpose of the Azure function app in the FortiGate Autoscale for Azure deployment package?
Autoscaling features
Which component of the FortiGate Autoscale for Azure deployment package stores information about health check monitoring and primary device election?
Cosmos DB
What is the purpose of the blob storage in the FortiGate Autoscale for Azure deployment package?
Storing initial configuration and BYOL licenses
Which combination of licensing options is possible for the FortiGate Autoscale for Azure deployment?
Both BYOL and PAYG
Which options are available to create a site-to-site IPsec VPN connection with Azure using FortiGate?
FortiGate in local network and FortiGate VM on the Azure side
Why is it recommended to use FortiGate on both ends when creating a site-to-site IPsec VPN connection with Azure?
To ensure the best protection
What can be deployed on either end of a site-to-site IPsec VPN connection for scenarios that require high availability?
FortiGate H-A clusters
What is the purpose of the FortiGate Autoscale for Azure deployment package?
To facilitate the deployment of FortiGate-VM instances
Where can you obtain the FortiGate Autoscale for Azure deployment package?
Which solution is not officially supported by FortiCare Support?
FortiWeb - Active-Active Load Balanced With ELB / ILB
What components are included in the environment for the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?
An Azure load balancer with a public IP-address, two FortiWeb VMs, an external subnet, and an internal subnet
What does the load balancer do in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?
Distributes traffic to the H-A members
What happens if the primary node fails in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?
The secondary instance becomes the new primary
What components are included in the environment for the FortiGate Active-Passive H-A With Fabric Connector solution?
Two FortiGate VMs, one V-NET with one protected subnet, and four subnets required for the FortiGate deployment
What are the public IPs used for in the FortiGate Active-Passive H-A With Fabric Connector solution?
Access through the active FortiGate and management access
Which solution can be deployed directly from Azure Marketplace?
FortiWeb - Active-Active Load Balanced With ELB / ILB
Where are the templates provided for FortiGate and FortiWeb deployments?
FortiGate GitHub page
What is required if an existing V-NET and public IP are used in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?
The creation of different subnets (external and internal)
Study Notes
FortiGate HA Deployment
- FortiGate VMs use the heartbeat protocol to communicate with each other in the FortiGate Active-Passive HA deployment.
- The FortiGate Active-Passive HA deployment is the preferred option due to its faster failover time and easier management.
Load Balancer and UDRs
- The Azure load balancer directs traffic to the primary FortiGate VM in the FortiGate Active-Passive HA deployment.
- UDRs (User-Defined Routes) are used to route traffic to the FortiGate VMs.
FortiGate Deployment Options
- The main difference between FortiGate Active-Passive HA and FortiGate Active-Active Load Balanced deployments is that the latter provides load balancing and scalability.
- The SDN fabric connector is used to integrate FortiGate with Azure.
Azure Configuration
- The "Network Contributor" role must be applied to the Azure Subscription after deploying the FortiGate VMs.
Load Balancer Configurations
- The internal Azure standard load balancer is used to direct traffic to the primary FortiGate VM in the FortiGate Active-Passive HA deployment.
- The external Azure standard load balancer is used to direct traffic from the internet to the Azure load balancer.
Autoscaling
- FortiGate's autoscaling feature allows for automatic scaling of FortiGate-VM instances in response to high workloads.
- The Azure function app is used to automate the scaling process in the FortiGate Autoscale for Azure deployment package.
- The blob storage stores information about health check monitoring and primary device election in the FortiGate Autoscale for Azure deployment package.
- The FortiGate Autoscale for Azure deployment package supports a combination of BYOL (Bring Your Own License) and PAYG (Pay-As-You-Go) licensing options.
IPsec VPN
- FortiGate supports site-to-site IPsec VPN connections with Azure.
- It is recommended to use FortiGate on both ends when creating a site-to-site IPsec VPN connection with Azure for high availability.
- Other devices can be deployed on either end of a site-to-site IPsec VPN connection for scenarios that require high availability.
FortiWeb Solution
- The FortiWeb - Active-Active Load Balanced With ELB / ILB solution includes ELB (Elastic Load Balancer), ILB (Internal Load Balancer), and FortiWeb instances.
- The load balancer distributes traffic to the FortiWeb instances in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution.
- If the primary node fails in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution, the secondary node takes over.
- The FortiGate Active-Passive H-A With Fabric Connector solution includes FortiGate VMs, Azure load balancer, and SDN fabric connector.
Deployment and Support
- The FortiGate Autoscale for Azure deployment package can be obtained from the Azure Marketplace.
- The FortiGate Autoscale for Azure deployment package is officially supported by FortiCare Support.
- Templates for FortiGate and FortiWeb deployments can be found in the Azure Marketplace.
Test your knowledge on deploying active-active load balancing with ELB/ILB for FortiWeb in Azure Marketplace. Learn about the available solutions, templates, and components involved in this environment. Note that this solution is not officially supported by FortiCare Support.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
