20 Questions
Which device receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs?
Internal load balancer
What is recommended to enable when configuring the policies on the FortiGate devices to allow and forward traffic to internal hosts?
NAT
What does enabling NAT do to the packets?
SNATs them to the IP address of port2
What is the purpose of symmetric return enforcement?
To improve security
What protocol is used in the active-passive setup to sync the configuration?
FGCP
What is the recommended setup to enable configuration synchronization between both FortiGate VMs?
Auto-scaling setup
What does the auto-scaling setup sync between the FortiGate VMs?
All configurations
What is the IP address 10.0.1.x used for?
Port 1 of the opposite FortiGate VM
What is not applicable in the active-active setup of FortiGate VMs?
FGCP protocol
What should be done on both FortiGate VMs to enable configuration synchronization?
Add recommended configuration syntax
Which version of FortiOS is required for the H-A scenario with three NICs in Azure?
FortiOS 7.2.1
What is the main difference between the H-A scenario with three NICs and other H-A scenarios in Azure?
The use of a dedicated management interface
How many network interfaces are required for the active-active load balance sandwich scenario in Azure?
Two
What handles traffic failover in the active-active load balance sandwich scenario?
Azure load balancer
Which component has the public IP address in the active-active load balance sandwich scenario?
Azure load balancer
Which version of FortiOS is required for FGSP session synchronization?
FortiOS 7.2.1
What is recommended to enable for north-south traffic in the active-active load balance sandwich scenario?
NAT on policy
How many FortiGate VMs are required for the active-active load balance sandwich scenario?
Two
What is used to synchronize configuration in the active-active load balance sandwich scenario?
FortiManager
Which network interface is used for the H-A interface in the H-A scenario with three NICs?
Port3
Study Notes
FortiGate Devices and Azure Setup
- The FortiGate device that receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs is the internal FortiGate device.
Policy Configuration on FortiGate Devices
- It is recommended to enable symmetric return enforcement when configuring policies on the FortiGate devices to allow and forward traffic to internal hosts.
NAT and Packet Handling
- Enabling NAT changes the source IP address of the packets.
Symmetric Return Enforcement
- Symmetric return enforcement ensures that return traffic takes the same path as the incoming traffic.
Active-Passive Setup
- The protocol used to sync the configuration in the active-passive setup is FGCP (FortiGate Clustering Protocol).
Configuration Synchronization
- To enable configuration synchronization between both FortiGate VMs, it is recommended to set up FGCP.
Auto-Scaling Setup
- In an auto-scaling setup, the configuration is synced between the FortiGate VMs.
IP Address 10.0.1.x
- The IP address 10.0.1.x is used for internal communication.
Active-Active Setup
- In the active-active setup of FortiGate VMs, FGSP (FortiGate Session Persistence) is not applicable.
Enabling Configuration Synchronization
- To enable configuration synchronization on both FortiGate VMs, FGCP should be set up on both devices.
FortiOS Version Requirement
- FortiOS version 6.4 or later is required for the H-A scenario with three NICs in Azure.
H-A Scenario with Three NICs
- The main difference between the H-A scenario with three NICs and other H-A scenarios in Azure is the use of three NICs.
Active-Active Load Balance Sandwich Scenario
- Four network interfaces are required for the active-active load balance sandwich scenario in Azure.
- The FortiGate VMs handle traffic failover in the active-active load balance sandwich scenario.
- The external load balancer has the public IP address in the active-active load balance sandwich scenario.
- FortiOS version 6.4 or later is required for FGSP session synchronization.
- It is recommended to enable FGSP for north-south traffic in the active-active load balance sandwich scenario.
- Two FortiGate VMs are required for the active-active load balance sandwich scenario.
- FGSP is used to synchronize the configuration in the active-active load balance sandwich scenario.
- The port1 interface is used for the H-A interface in the H-A scenario with three NICs.
Quiz: Understanding High Availability (H-A) Configuration with FortiGate VMs in Azure
Test your knowledge on High Availability (H-A) configuration using FortiGate VMs in Azure. Learn about the minimum requirements, unicast communication, and the main difference in this scenario compared to other H-A setups. Discover the key features of FortiOS 7.0.1 or later and gain a deeper understanding of network interfaces and dedicated management interfaces.