FortiGate Active-Passive High Availability (H-A) Quiz

Questions and Answers

Which component is required in the environment for an active-passive deployment of FortiGate VMs?

• One internal Azure standard load balancer
• Three public IPs
• One V-NET with one protected subnet (correct)
• One external Azure standard load balancer

What is the purpose of the external Azure standard load balancer in the FortiGate setup?

• To configure S-NAT for North-South traffic
• To handle traffic failover using a health probe
• To provide communication with the internet (correct)
• To receive all internal traffic and forward it to its destination

How many public IPs are used in the FortiGate setup for management access?

• Four
• Three
• Two (correct)
• One

What is the purpose of UDRs in the FortiGate setup?

To redirect traffic to the internal load balancer (A)

How do the FortiGate VMs communicate with each other in the active-passive deployment?

Using the unicast FGCP H-A protocol (A)

What is the recommended method to avoid asymmetric routing in the FortiGate setup?

Configuring S-NAT for North-South traffic (C)

What is required to deploy FortiGate VMs for Azure Autoscale?

Virtual machine scale sets (D)

What does the Azure function app handle in the FortiGate Autoscale deployment?

All of the above (D)

What information is stored in the tables of Cosmos DB in the FortiGate Autoscale deployment?

All of the above (D)

What is one of the options to create a site-to-site IPsec VPN connection with Azure using FortiGate?

FortiGate in your local network (D)

Which component is required for the FortiGate Active-Passive H-A with Fabric Connector deployment?

One V-NET with one protected subnet (A)

What is the purpose of the first public IP in the FortiGate Active-Passive H-A with Fabric Connector deployment?

Access through the active FortiGate (C)

What is the role of the SDN fabric connector in the FortiGate Active-Passive H-A with Fabric Connector deployment?

To facilitate failover (C)

What protocol do the two FortiGate VMs use to synchronize the configuration in the active-passive deployment?

FortiGate Clustering Protocol (FGCP) (C)

Why is the active-passive deployment with the Azure load balancer the preferred option?

Both faster failover time and easier management (C)

What must be done after the deployment of the FortiGate Active-Passive H-A with Fabric Connector?

Apply the Reader role to the Azure Subscription (B)

What is the purpose of the two additional public IPs in the FortiGate Active-Passive H-A with Fabric Connector deployment?

Management access (C)

What is the main advantage of using the FortiGate Active-Passive H-A with Fabric Connector deployment?

Customizable traffic inspection (B)

Why is the FortiGate Active-Passive H-A with Fabric Connector deployment not used very frequently?

Longer failover time (A)

What is the purpose of the user-defined routes (UDRs) in the FortiGate Active-Passive H-A with Fabric Connector deployment?

To customize traffic routing (D)

Which two options are available for establishing a site-to-site IPsec VPN with your Azure network?

FortiGate in your local network and Azure VPN Gateway on the Azure side (C)

What is the recommended solution for ensuring the best protection and avoiding the administrative burden of managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side (B)

What can you deploy on either end of the connection for scenarios that require high availability?

FortiGate H-A clusters (D)

What can you use to establish a site-to-site IPsec VPN with your Azure network if you want similar results with either option?

FortiGate in your local network and FortiGate VM on the Azure side (D)

Which option is recommended for ensuring the best protection and avoiding the administrative burden of managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side (D)

What is the purpose of deploying FortiGate H-A clusters on either end of the connection?

To provide high availability (A)

Which option is recommended for scenarios that require high availability?

FortiGate H-A clusters (D)

Which option is recommended for establishing a site-to-site IPsec VPN with your Azure network if you want the best protection and want to avoid managing multiple VPN platforms?

FortiGate in your local network and FortiGate VM on the Azure side (D)

What is the purpose of using FortiGate on both ends of the connection?

To ensure the best protection and avoid the administrative burden of managing multiple VPN platforms (B)

What is the purpose of using FortiGate in your local network and FortiGate VM on the Azure side?

To establish a site-to-site IPsec VPN with your Azure network (A)