Questions and Answers
Which device receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs?
What is recommended to enable when configuring the policies on the FortiGate devices to allow and forward traffic to internal hosts?
What does enabling NAT do to the packets?
What is the purpose of symmetric return enforcement?
What protocol is used in the active-passive setup to sync the configuration?
What is the recommended setup to enable configuration synchronization between both FortiGate VMs?
What does the auto-scaling setup sync between the FortiGate VMs?
What is the IP address 10.0.1.x used for?
What is not applicable in the active-active setup of FortiGate VMs?
What should be done on both FortiGate VMs to enable configuration synchronization?
Which version of FortiOS is required for the H-A scenario with three NICs in Azure?
What is the main difference between the H-A scenario with three NICs and other H-A scenarios in Azure?
How many network interfaces are required for the active-active load balance sandwich scenario in Azure?
What handles traffic failover in the active-active load balance sandwich scenario?
Which component has the public IP address in the active-active load balance sandwich scenario?
Which version of FortiOS is required for FGSP session synchronization?
What is recommended to enable for north-south traffic in the active-active load balance sandwich scenario?
How many FortiGate VMs are required for the active-active load balance sandwich scenario?
What is used to synchronize configuration in the active-active load balance sandwich scenario?
Which network interface is used for the H-A interface in the H-A scenario with three NICs?
Study Notes
FortiGate Devices and Azure Setup
- The FortiGate device that receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs is the internal FortiGate device.
Policy Configuration on FortiGate Devices
- It is recommended to enable symmetric return enforcement when configuring policies on the FortiGate devices to allow and forward traffic to internal hosts.
NAT and Packet Handling
- Enabling NAT changes the source IP address of the packets.
Symmetric Return Enforcement
- Symmetric return enforcement ensures that return traffic takes the same path as the incoming traffic.
Active-Passive Setup
- The protocol used to sync the configuration in the active-passive setup is FGCP (FortiGate Clustering Protocol).
Configuration Synchronization
- To enable configuration synchronization between both FortiGate VMs, it is recommended to set up FGCP.
Auto-Scaling Setup
- In an auto-scaling setup, the configuration is synced between the FortiGate VMs.
IP Address 10.0.1.x
- The IP address 10.0.1.x is used for internal communication.
Active-Active Setup
- In the active-active setup of FortiGate VMs, FGSP (FortiGate Session Persistence) is not applicable.
Enabling Configuration Synchronization
- To enable configuration synchronization on both FortiGate VMs, FGCP should be set up on both devices.
FortiOS Version Requirement
- FortiOS version 6.4 or later is required for the H-A scenario with three NICs in Azure.
H-A Scenario with Three NICs
- The main difference between the H-A scenario with three NICs and other H-A scenarios in Azure is the use of three NICs.
Active-Active Load Balance Sandwich Scenario
- Four network interfaces are required for the active-active load balance sandwich scenario in Azure.
- The FortiGate VMs handle traffic failover in the active-active load balance sandwich scenario.
- The external load balancer has the public IP address in the active-active load balance sandwich scenario.
- FortiOS version 6.4 or later is required for FGSP session synchronization.
- It is recommended to enable FGSP for north-south traffic in the active-active load balance sandwich scenario.
- Two FortiGate VMs are required for the active-active load balance sandwich scenario.
- FGSP is used to synchronize the configuration in the active-active load balance sandwich scenario.
- The port1 interface is used for the H-A interface in the H-A scenario with three NICs.
Description
Quiz: Understanding High Availability (H-A) Configuration with FortiGate VMs in Azure
Test your knowledge on High Availability (H-A) configuration using FortiGate VMs in Azure. Learn about the minimum requirements, unicast communication, and the main difference in this scenario compared to other H-A setups. Discover the key features of FortiOS 7.0.1 or later and gain a deeper understanding of network interfaces and dedicated management interfaces.