High Availability Configuration with FortiGate VMs in Azure

VisionarySugilite

20 Questions

Which device receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs?

Internal load balancer

What is recommended to enable when configuring the policies on the FortiGate devices to allow and forward traffic to internal hosts?

NAT

What does enabling NAT do to the packets?

S-NATs them to the IP-address of port2

What is the purpose of symmetric return enforcement?

To improve security

What protocol is used in the active-passive setup to sync the configuration?

FGCP

What is the recommended setup to enable configuration synchronization between both FortiGate VMs?

Auto-scaling setup

What does the auto-scaling setup sync between the FortiGate VMs?

All configurations

What is the IP-address 10.0.1.x used for?

Port 1 of the opposite FortiGate VM

What is not applicable in the active-active setup of FortiGate VMs?

FGCP protocol

What should be done on both FortiGate VMs to enable configuration synchronization?

Add recommended configuration syntax

Which version of FortiOS is required for the H-A scenario with three NICs in Azure?

FortiOS 7.2.1

What is the main difference between the H-A scenario with three NICs and other H-A scenarios in Azure?

The use of a dedicated management interface

How many network interfaces are required for the active-active load balance sandwich scenario in Azure?

Two

What handles traffic failover in the active-active load balance sandwich scenario?

Azure load balancer

Which component has the public IP-address in the active-active load balance sandwich scenario?

Azure load balancer

Which version of FortiOS is required for FGSP session synchronization?

FortiOS 7.2.1

What is recommended to enable for north-south traffic in the active-active load balance sandwich scenario?

NAT on policy

How many FortiGate VMs are required for the active-active load balance sandwich scenario?

Two

What is used to synchronize configuration in the active-active load balance sandwich scenario?

FortiManager

Which network interface is used for the H-A interface in the H-A scenario with three NICs?

Port3

Study Notes

FortiGate Devices and Azure Setup

  • The FortiGate device that receives all internal traffic and forwards it to Azure gateways connecting ExpressRoute or Azure VPNs is the internal FortiGate device.

Policy Configuration on FortiGate Devices

  • It is recommended to enable symmetric return enforcement when configuring policies on the FortiGate devices to allow and forward traffic to internal hosts.

NAT and Packet Handling

  • Enabling NAT changes the source IP address of the packets.

Symmetric Return Enforcement

  • Symmetric return enforcement ensures that return traffic takes the same path as the incoming traffic.

Active-Passive Setup

  • The protocol used to sync the configuration in the active-passive setup is FGCP (FortiGate Clustering Protocol).

Configuration Synchronization

  • To enable configuration synchronization between both FortiGate VMs, it is recommended to set up FGCP.

Auto-Scaling Setup

  • In an auto-scaling setup, the configuration is synced between the FortiGate VMs.

IP Address 10.0.1.x

  • The IP address 10.0.1.x is used for internal communication.

Active-Active Setup

  • In the active-active setup of FortiGate VMs, FGSP (FortiGate Session Persistence) is not applicable.

Enabling Configuration Synchronization

  • To enable configuration synchronization on both FortiGate VMs, FGCP should be set up on both devices.

FortiOS Version Requirement

  • FortiOS version 6.4 or later is required for the H-A scenario with three NICs in Azure.

H-A Scenario with Three NICs

  • The main difference between the H-A scenario with three NICs and other H-A scenarios in Azure is the use of three NICs.

Active-Active Load Balance Sandwich Scenario

  • Four network interfaces are required for the active-active load balance sandwich scenario in Azure.
  • The FortiGate VMs handle traffic failover in the active-active load balance sandwich scenario.
  • The external load balancer has the public IP address in the active-active load balance sandwich scenario.
  • FortiOS version 6.4 or later is required for FGSP session synchronization.
  • It is recommended to enable FGSP for north-south traffic in the active-active load balance sandwich scenario.
  • Two FortiGate VMs are required for the active-active load balance sandwich scenario.
  • FGSP is used to synchronize the configuration in the active-active load balance sandwich scenario.
  • The port1 interface is used for the H-A interface in the H-A scenario with three NICs.

Quiz: Understanding High Availability (H-A) Configuration with FortiGate VMs in Azure

Test your knowledge on High Availability (H-A) configuration using FortiGate VMs in Azure. Learn about the minimum requirements, unicast communication, and the main difference in this scenario compared to other H-A setups. Discover the key features of FortiOS 7.0.1 or later and gain a deeper understanding of network interfaces and dedicated management interfaces.
