Active-Active Load Balancing with FortiWeb in Azure Marketplace Quiz
29 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which protocol do the FortiGate VMs use to communicate with each other in the FortiGate Active-Passive HA deployment?

  • FGCP H-A (correct)
  • OSPF
  • VRRP
  • BGP
  • Which deployment option is the preferred one due to its faster failover time and easier management?

  • FortiGate Active-Passive HA with ELB/ILB (correct)
  • FortiGate Active-Active Load Balanced with ELB/ILB
  • FortiGate Autoscale with Azure VMSS and Load Balancer
  • None of the above
  • What is the purpose of the Azure load balancer in the FortiGate Active-Passive HA deployment?

  • To provide ingress and egress flows with inspection
  • To handle traffic failover using health probes (correct)
  • To redirect traffic to the internal load balancer
  • To synchronize the configuration of the FortiGate VMs
  • What is the main difference between the FortiGate Active-Passive HA and FortiGate Active-Active Load Balanced deployments?

    <p>The number of FortiGate VMs deployed</p> Signup and view all the answers

    What is the purpose of UDRs in the FortiGate deployments?

    <p>To customize which traffic needs inspection</p> Signup and view all the answers

    What role must be applied to the Azure Subscription after deploying the FortiGate VMs?

    <p>Reader</p> Signup and view all the answers

    What is the purpose of the SDN fabric connector in the FortiGate deployments?

    <p>To communicate with the Azure fabric</p> Signup and view all the answers

    What is the recommended configuration to avoid asymmetric routing in the FortiGate deployments?

    <p>Configuring S-NAT</p> Signup and view all the answers

    What is the purpose of the internal Azure standard load balancer in the FortiGate Active-Passive HA deployment?

    <p>To receive all internal traffic and forward it to its destination</p> Signup and view all the answers

    What is the purpose of the external Azure standard load balancer in the FortiGate Active-Passive HA deployment?

    <p>To communicate with the internet</p> Signup and view all the answers

    Which feature of FortiGate allows for automatic scaling of FortiGate-VM instances in response to high workloads?

    <p>Config-sync</p> Signup and view all the answers

    What is the purpose of the Azure function app in the FortiGate Autoscale for Azure deployment package?

    <p>Autoscaling features</p> Signup and view all the answers

    Which component of the FortiGate Autoscale for Azure deployment package stores information about health check monitoring and primary device election?

    <p>Cosmos DB</p> Signup and view all the answers

    What is the purpose of the blob storage in the FortiGate Autoscale for Azure deployment package?

    <p>Storing initial configuration and BYOL licenses</p> Signup and view all the answers

    Which combination of licensing options is possible for the FortiGate Autoscale for Azure deployment?

    <p>Both BYOL and PAYG</p> Signup and view all the answers

    Which options are available to create a site-to-site IPsec VPN connection with Azure using FortiGate?

    <p>FortiGate in local network and FortiGate VM on the Azure side</p> Signup and view all the answers

    Why is it recommended to use FortiGate on both ends when creating a site-to-site IPsec VPN connection with Azure?

    <p>To ensure the best protection</p> Signup and view all the answers

    What can be deployed on either end of a site-to-site IPsec VPN connection for scenarios that require high availability?

    <p>FortiGate H-A clusters</p> Signup and view all the answers

    What is the purpose of the FortiGate Autoscale for Azure deployment package?

    <p>To facilitate the deployment of FortiGate-VM instances</p> Signup and view all the answers

    Where can you obtain the FortiGate Autoscale for Azure deployment package?

    <p><a href="https://github.com/Fortinet/fortigate-autoscale-azure">https://github.com/Fortinet/fortigate-autoscale-azure</a></p> Signup and view all the answers

    Which solution is not officially supported by FortiCare Support?

    <p>FortiWeb - Active-Active Load Balanced With ELB / ILB</p> Signup and view all the answers

    What components are included in the environment for the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?

    <p>An Azure load balancer with a public IP-address, two FortiWeb VMs, an external subnet, and an internal subnet</p> Signup and view all the answers

    What does the load balancer do in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?

    <p>Distributes traffic to the H-A members</p> Signup and view all the answers

    What happens if the primary node fails in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?

    <p>The secondary instance becomes the new primary</p> Signup and view all the answers

    What components are included in the environment for the FortiGate Active-Passive H-A With Fabric Connector solution?

    <p>Two FortiGate VMs, one V-NET with one protected subnet, and four subnets required for the FortiGate deployment</p> Signup and view all the answers

    What are the public IPs used for in the FortiGate Active-Passive H-A With Fabric Connector solution?

    <p>Access through the active FortiGate and management access</p> Signup and view all the answers

    Which solution can be deployed directly from Azure Marketplace?

    <p>FortiWeb - Active-Active Load Balanced With ELB / ILB</p> Signup and view all the answers

    Where are the templates provided for FortiGate and FortiWeb deployments?

    <p>FortiGate GitHub page</p> Signup and view all the answers

    What is required if an existing V-NET and public IP are used in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution?

    <p>The creation of different subnets (external and internal)</p> Signup and view all the answers

    Study Notes

    FortiGate HA Deployment

    • FortiGate VMs use the heartbeat protocol to communicate with each other in the FortiGate Active-Passive HA deployment.
    • The FortiGate Active-Passive HA deployment is the preferred option due to its faster failover time and easier management.

    Load Balancer and UDRs

    • The Azure load balancer directs traffic to the primary FortiGate VM in the FortiGate Active-Passive HA deployment.
    • UDRs (User-Defined Routes) are used to route traffic to the FortiGate VMs.

    FortiGate Deployment Options

    • The main difference between FortiGate Active-Passive HA and FortiGate Active-Active Load Balanced deployments is that the latter provides load balancing and scalability.
    • The SDN fabric connector is used to integrate FortiGate with Azure.

    Azure Configuration

    • The "Network Contributor" role must be applied to the Azure Subscription after deploying the FortiGate VMs.

    Load Balancer Configurations

    • The internal Azure standard load balancer is used to direct traffic to the primary FortiGate VM in the FortiGate Active-Passive HA deployment.
    • The external Azure standard load balancer is used to direct traffic from the internet to the Azure load balancer.

    Autoscaling

    • FortiGate's autoscaling feature allows for automatic scaling of FortiGate-VM instances in response to high workloads.
    • The Azure function app is used to automate the scaling process in the FortiGate Autoscale for Azure deployment package.
    • The blob storage stores information about health check monitoring and primary device election in the FortiGate Autoscale for Azure deployment package.
    • The FortiGate Autoscale for Azure deployment package supports a combination of BYOL (Bring Your Own License) and PAYG (Pay-As-You-Go) licensing options.

    IPsec VPN

    • FortiGate supports site-to-site IPsec VPN connections with Azure.
    • It is recommended to use FortiGate on both ends when creating a site-to-site IPsec VPN connection with Azure for high availability.
    • Other devices can be deployed on either end of a site-to-site IPsec VPN connection for scenarios that require high availability.

    FortiWeb Solution

    • The FortiWeb - Active-Active Load Balanced With ELB / ILB solution includes ELB (Elastic Load Balancer), ILB (Internal Load Balancer), and FortiWeb instances.
    • The load balancer distributes traffic to the FortiWeb instances in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution.
    • If the primary node fails in the FortiWeb - Active-Active Load Balanced With ELB / ILB solution, the secondary node takes over.
    • The FortiGate Active-Passive H-A With Fabric Connector solution includes FortiGate VMs, Azure load balancer, and SDN fabric connector.

    Deployment and Support

    • The FortiGate Autoscale for Azure deployment package can be obtained from the Azure Marketplace.
    • The FortiGate Autoscale for Azure deployment package is officially supported by FortiCare Support.
    • Templates for FortiGate and FortiWeb deployments can be found in the Azure Marketplace.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on deploying active-active load balancing with ELB/ILB for FortiWeb in Azure Marketplace. Learn about the available solutions, templates, and components involved in this environment. Note that this solution is not officially supported by FortiCare Support.

    More Like This

    Use Quizgecko on...
    Browser
    Browser