How to Deploy SDN-HA FortiGate VM in Azure [FortiGate and Fabric Connector Setup]

  • Published on 5 Sep 2024
  • Hello Engineers and Admins,
    In this video we will configure a High Availability FortiGate in Azure using a Fabric Connector or SDN.
    We will be recreating this common topology referenced in the knowledge base below:
    docs.fortinet....
    github.com/for...
    For more fun tips and tricks please visit our website for blogs, videos, and more!
    netquiet.com/

Comments • 15

  • @goodupandit3640 2 years ago +1

    I've never seen a video this beneficial before.

  • @jasonredwine2916 1 year ago

    Best video I have seen of this yet! Both MS and FGT support sent me links to some craziness, but this was clear and concise, but, mostly, EXACTLY what MS/FGT should have produced. Thanks for doing their work! A+ video!

  • @13Anant 1 year ago +1

    Concise and to the point. I've always used ILB/ELB for HA in Azure but it turns out the Fabric Connector is a much more efficient way of managing HA and failover. Thanks heaps :)

    • @williamgregoire5090 1 year ago

      Do you know any benefits of using additional Load Balancer?

    • @13Anant 1 year ago

      @williamgregoire5090 Not a lot that I can think of. With a separately managed LB, you only provision one Public IP address resource for the HA stack and the load balancer monitors the backend FortiGate VMs to determine which of the two HA members the public IP address should be assigned to. It works just as fine as a Fabric connector failover but with the Fabric connector approach, at least I'm not managing and paying for Internal and external load balancers.

    • @williamgregoire 1 year ago

      Great, thank you!

  • @EyeIn_The_Sky 2 years ago +5

    I wish you would do a tutorial showing a similar HA setup but with External and Internal Load balancers involved :/

    • @aminderpuri640 2 years ago

      That would be great, just what I am looking for.

  • @nemanjaserafimovic9939 1 year ago

    Thanks for this video! The best explanation of this scenario I've ever seen! Could you please cover the Active - Active scenario with Load Balancers as well?

  • @ashokfaujdar6367 1 year ago

    Really helpful information and I did a similar config as you demonstrated, thanks man!

  • @williamgregoire5090 1 year ago

    Is there any advantage of implementing Active/Passive with ILB/ELB over this model with the Fabric Connector?
    After seeing this video I don't see any (it costs more, and I have more components to manage with additional LoadBalancers)?
    Thank you for your help and great video

  • @aminderpuri640 2 years ago

    Hi, I was wondering what you need to do to get the FortiGate to update other routes you may have in the routing table when switching over to the secondary firewall?

  • @princeboothe9200 2 years ago +1

    If a Single VM for FortiGate was deployed and I want to add another FortiGate to create HA, can I use the marketplace or do I use the ARM template?

    • @SpacezCowboy 2 years ago

      Ever find out a method for doing this? I'm contemplating the same for an existing subscription. It's a debate between adding a FortiGate and doing this all manually or using the template and moving VMs to the new production subnet.

    • @joerivanhoof5820 2 years ago

      The easiest is to deploy a cluster next to the existing single VM and import the config into the cluster so you can test before migration. With UDRs you can move just a single subnet to the new setup. Migrating would mean you need to have the single FGT in an Availability Set or you need to move the VM into a zone. The latest Single VM templates allow you to add a FortiGate VM into an existing AV Set or AV Zone. Secondly, you need to add extra network interfaces for the HA Sync and HA mgmt. Also, if you are using Basic SKU public IPs I would move them to Standard SKU IPs and use the FortiGate Active/Passive ELB/ILB setup. Faster failover and less overhead in configuring route table sync in the SDN connector.