Questions and Answers
Which device receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs?
- FGCP protocol
- Azure gateways
- Internal load balancer (correct)
- FortiGate devices
What is recommended to enable when configuring the policies on the FortiGate devices to allow and forward traffic to internal hosts?
- FGSP
- Configuration synchronization
- NAT (correct)
- Auto-scaling setup
What does enabling NAT do to the packets?
- S-NATs them to the IP-address of port2 (correct)
- Forwards them to Azure gateways
- Syncs them between FortiGate VMs
- Encrypts them
What is the purpose of symmetric return enforcement?
What protocol is used in the active-passive setup to sync the configuration?
What is the recommended setup to enable configuration synchronization between both FortiGate VMs?
What does the auto-scaling setup sync between the FortiGate VMs?
What is the IP-address 10.0.1.x used for?
What is not applicable in the active-active setup of FortiGate VMs?
What should be done on both FortiGate VMs to enable configuration synchronization?
Which version of FortiOS is required for the H-A scenario with three NICs in Azure?
What is the main difference between the H-A scenario with three NICs and other H-A scenarios in Azure?
How many network interfaces are required for the active-active load balance sandwich scenario in Azure?
What handles traffic failover in the active-active load balance sandwich scenario?
Which component has the public IP-address in the active-active load balance sandwich scenario?
Which version of FortiOS is required for FGSP session synchronization?
What is recommended to enable for north-south traffic in the active-active load balance sandwich scenario?
How many FortiGate VMs are required for the active-active load balance sandwich scenario?
What is used to synchronize configuration in the active-active load balance sandwich scenario?
Which network interface is used for the H-A interface in the H-A scenario with three NICs?
Study Notes
FortiGate Devices and Azure Setup
- The FortiGate device that receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs is the internal FortiGate device.
Policy Configuration on FortiGate Devices
- It is recommended to enable symmetric return enforcement when configuring policies on the FortiGate devices to allow and forward traffic to internal hosts.
NAT and Packet Handling
- Enabling NAT changes the source IP address of the packets.
Symmetric Return Enforcement
- Symmetric return enforcement ensures that return traffic takes the same path as the incoming traffic.
Active-Passive Setup
- The protocol used to sync the configuration in the active-passive setup is FGCP (FortiGate Clustering Protocol).
Configuration Synchronization
- To enable configuration synchronization between both FortiGate VMs, it is recommended to set up FGCP.
Auto-Scaling Setup
- In an auto-scaling setup, the configuration is synced between the FortiGate VMs.
IP Address 10.0.1.x
- The IP address 10.0.1.x is used for internal communication.
Active-Active Setup
- In the active-active setup of FortiGate VMs, FGSP (FortiGate Session Persistence) is not applicable.
Enabling Configuration Synchronization
- To enable configuration synchronization on both FortiGate VMs, FGCP should be set up on both devices.
FortiOS Version Requirement
- FortiOS version 6.4 or later is required for the H-A scenario with three NICs in Azure.
H-A Scenario with Three NICs
- The main difference between the H-A scenario with three NICs and other H-A scenarios in Azure is the use of three NICs.
Active-Active Load Balance Sandwich Scenario
- Four network interfaces are required for the active-active load balance sandwich scenario in Azure.
- The FortiGate VMs handle traffic failover in the active-active load balance sandwich scenario.
- The external load balancer has the public IP address in the active-active load balance sandwich scenario.
- FortiOS version 6.4 or later is required for FGSP session synchronization.
- It is recommended to enable FGSP for north-south traffic in the active-active load balance sandwich scenario.
- Two FortiGate VMs are required for the active-active load balance sandwich scenario.
- FGSP is used to synchronize the configuration in the active-active load balance sandwich scenario.
- The port1 interface is used for the H-A interface in the H-A scenario with three NICs.
Description
Quiz: Understanding High Availability (H-A) Configuration with FortiGate VMs in Azure. Test your knowledge on High Availability (H-A) configuration using FortiGate VMs in Azure. Learn about the minimum requirements, unicast communication, and the main difference in this scenario compared to other H-A setups. Discover the key features of FortiOS 7.0.1 or later and gain a deeper understanding of network interfaces and dedicated management interfaces.