Fortimanager Azure Deployment in HA without configuring Public IP and ILB

Forum|Forum|3 months ago
February 21, 2026
1 reply
106 views

We have deployed two standalone FMG implemented for HA on Azure. We don't have Public IP to use as VIP. Also, NLB is not factored in our design. How I shall achieve failover with VIP (Floating IP) using private IP? We had tried setting secondary IP on FMG VM but the same IP is not allowed to set on secondary. FortiManager

JoerVan

Staff

Hi,

It is possible to configure your FortiManager to failover a private IP and not a public IP in Microsoft Azure. This failover is documented on the links below. It is important that the FortiManager has a private IP on each as primary IP address for the units to be able to connect to Microsoft Azure to failover the secondary private IP. The primary IP address on each FortiManager needs either a public IP or be able to route to the internet via a NAT Gateway or FortiGate for example.

https://github.com/40net-cloud/fortinet-azure-solutions/tree/main/FortiManager/ha#vrrp-automatic-failover-using-secondary-private-ip-address

https://github.com/40net-cloud/fortinet-azure-solutions/tree/main/FortiManager/ha#vrrp-automatic-failover-using-secondary-private-ip-address-1

Regards,

Joeri

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded