FortiGate Active-Passive High Availability (H-A) Quiz

Questions and Answers

PDF Questions PDF Answers

Which component is required in the environment for an active-passive deployment of FortiGate VMs?

One internal Azure standard load balancer

Three public IPs

One V-NET with one protected subnet (correct)

One external Azure standard load balancer

What is the purpose of the external Azure standard load balancer in the FortiGate setup?

To configure S-NAT for North-South traffic

To handle traffic failover using a health probe

To provide communication with the internet (correct)

To receive all internal traffic and forward it to its destination

How many public IPs are used in the FortiGate setup for management access?

Four

Three

Two (correct)

One

What is the purpose of UDRs in the FortiGate setup?

To redirect traffic to the internal load balancer

How do the FortiGate VMs communicate with each other in the active-passive deployment?

Using the unicast FGCP H-A protocol

What is the recommended method to avoid asymmetric routing in the FortiGate setup?

Configuring S-NAT for North-South traffic

What is required to deploy FortiGate VMs for Azure Autoscale?

Virtual machine scale sets

What does the Azure function app handle in the FortiGate Autoscale deployment?

All of the above

What information is stored in the tables of Cosmos DB in the FortiGate Autoscale deployment?

All of the above

What is one of the options to create a site-to-site IPsec VPN connection with Azure using FortiGate?

FortiGate in your local network

Which component is required for the FortiGate Active-Passive H-A with Fabric Connector deployment?

One V-NET with one protected subnet

What is the purpose of the first public IP in the FortiGate Active-Passive H-A with Fabric Connector deployment?

Access through the active FortiGate

What is the role of the SDN fabric connector in the FortiGate Active-Passive H-A with Fabric Connector deployment?

To facilitate failover

What protocol do the two FortiGate VMs use to synchronize the configuration in the active-passive deployment?

FortiGate Clustering Protocol (FGCP)

Why is the active-passive deployment with the Azure load balancer the preferred option?

Both faster failover time and easier management

What must be done after the deployment of the FortiGate Active-Passive H-A with Fabric Connector?

Apply the Reader role to the Azure Subscription

What is the purpose of the two additional public IPs in the FortiGate Active-Passive H-A with Fabric Connector deployment?

Management access

What is the main advantage of using the FortiGate Active-Passive H-A with Fabric Connector deployment?

Customizable traffic inspection

Why is the FortiGate Active-Passive H-A with Fabric Connector deployment not used very frequently?

Longer failover time

What is the purpose of the user-defined routes (UDRs) in the FortiGate Active-Passive H-A with Fabric Connector deployment?

To customize traffic routing

Which two options are available for establishing a site-to-site IPsec VPN with your Azure network?

FortiGate in your local network and Azure VPN Gateway on the Azure side

What is the recommended solution for ensuring the best protection and avoiding the administrative burden of managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side

What can you deploy on either end of the connection for scenarios that require high availability?

FortiGate H-A clusters

What can you use to establish a site-to-site IPsec VPN with your Azure network if you want similar results with either option?

FortiGate in your local network and FortiGate VM on the Azure side

Which option is recommended for ensuring the best protection and avoiding the administrative burden of managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side

What is the purpose of deploying FortiGate H-A clusters on either end of the connection?

To provide high availability

Which option is recommended for scenarios that require high availability?

FortiGate H-A clusters

Which option is recommended for establishing a site-to-site IPsec VPN with your Azure network if you want the best protection and want to avoid managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side

What is the purpose of using FortiGate on both ends of the connection?

To ensure the best protection and avoid the administrative burden of managing multiple VPN platforms

What is the purpose of using FortiGate in your local network and FortiGate VM on the Azure side?

To establish a site-to-site IPsec VPN with your Azure network