High Availability Configuration with FortiGate VMs in Azure

Questions and Answers

Which device receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs?

  • FGCP protocol
  • Azure gateways
  • Internal load balancer (correct)
  • FortiGate devices

What is recommended to enable when configuring the policies on the FortiGate devices to allow and forward traffic to internal hosts?

  • FGSP
  • Configuration synchronization
  • NAT (correct)
  • Auto-scaling setup

What does enabling NAT do to the packets?

  • S-NATs them to the IP-address of port2 (correct)
  • Forwards them to Azure gateways
  • Syncs them between FortiGate VMs
  • Encrypts them

What is the purpose of symmetric return enforcement?

  • To improve security (B)

What protocol is used in the active-passive setup to sync the configuration?

  • FGCP (B)

What is the recommended setup to enable configuration synchronization between both FortiGate VMs?

  • Auto-scaling setup (C)

What does the auto-scaling setup sync between the FortiGate VMs?

  • All configurations (A)

What is the IP-address 10.0.1.x used for?

  • Port 1 of the opposite FortiGate VM (B)

What is not applicable in the active-active setup of FortiGate VMs?

  • FGCP protocol (C)

What should be done on both FortiGate VMs to enable configuration synchronization?

  • Add recommended configuration syntax (B)

Which version of FortiOS is required for the H-A scenario with three NICs in Azure?

  • FortiOS 7.2.1 (B)

What is the main difference between the H-A scenario with three NICs and other H-A scenarios in Azure?

  • The use of a dedicated management interface (B)

How many network interfaces are required for the active-active load balance sandwich scenario in Azure?

  • Two (C)

What handles traffic failover in the active-active load balance sandwich scenario?

  • Azure load balancer (A)

Which component has the public IP-address in the active-active load balance sandwich scenario?

  • Azure load balancer (C)

Which version of FortiOS is required for FGSP session synchronization?

  • FortiOS 7.2.1 (A)

What is recommended to enable for north-south traffic in the active-active load balance sandwich scenario?

  • NAT on policy (A)

How many FortiGate VMs are required for the active-active load balance sandwich scenario?

  • Two (B)

What is used to synchronize configuration in the active-active load balance sandwich scenario?

  • FortiManager (B)

Which network interface is used for the H-A interface in the H-A scenario with three NICs?

  • Port3 (B)

Study Notes

FortiGate Devices and Azure Setup

  • The FortiGate device that receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs is the internal FortiGate device.

Policy Configuration on FortiGate Devices

  • It is recommended to enable symmetric return enforcement when configuring policies on the FortiGate devices to allow and forward traffic to internal hosts.

NAT and Packet Handling

  • Enabling NAT changes the source IP address of the packets.

Symmetric Return Enforcement

  • Symmetric return enforcement ensures that return traffic takes the same path as the incoming traffic.

Active-Passive Setup

  • The protocol used to sync the configuration in the active-passive setup is FGCP (FortiGate Clustering Protocol).

Configuration Synchronization

  • To enable configuration synchronization between both FortiGate VMs, it is recommended to set up FGCP.

Auto-Scaling Setup

  • In an auto-scaling setup, the configuration is synced between the FortiGate VMs.

IP Address 10.0.1.x

  • The IP address 10.0.1.x is used for internal communication.

Active-Active Setup

  • In the active-active setup of FortiGate VMs, FGSP (FortiGate Session Persistence) is not applicable.

Enabling Configuration Synchronization

  • To enable configuration synchronization on both FortiGate VMs, FGCP should be set up on both devices.

FortiOS Version Requirement

  • FortiOS version 6.4 or later is required for the H-A scenario with three NICs in Azure.

H-A Scenario with Three NICs

  • The main difference between the H-A scenario with three NICs and other H-A scenarios in Azure is the use of three NICs.

Active-Active Load Balance Sandwich Scenario

  • Four network interfaces are required for the active-active load balance sandwich scenario in Azure.
  • The FortiGate VMs handle traffic failover in the active-active load balance sandwich scenario.
  • The external load balancer has the public IP address in the active-active load balance sandwich scenario.
  • FortiOS version 6.4 or later is required for FGSP session synchronization.
  • It is recommended to enable FGSP for north-south traffic in the active-active load balance sandwich scenario.
  • Two FortiGate VMs are required for the active-active load balance sandwich scenario.
  • FGSP is used to synchronize the configuration in the active-active load balance sandwich scenario.
  • The port1 interface is used for the H-A interface in the H-A scenario with three NICs.
