HA Active Passive with 4 nics VM and 4 ports for policies

Forum|Forum|5 years ago
November 4, 2020
2 replies
3995 views

Hi,

I have a two 4-nic-azure-VM supporting Fortigates (Standard F4 azure vm) All 4 interfaces are used for policies (outside,dmz,internal,on-premise). Actually I m using HA Active Active using Fortigate in Standalone mode + FGSP + azure Load Balancer

But I do want to migrate to HA Active Passive mode to reduce costs (azure LBs)

I check the HA Active Passive mode and found that I need two extra interfaces for HA & MGMT

and that HA interfaces have link-local IP addresses, and the dedicated HA MGMT ports are not subject to Firewall Policies

In Azure, the number of max nics depends on the VM size. In my Case I need to upgrade from Standard F4 to Standard F8

This is oversided and will cost much more than the actual architecture. I m searching for a solution to get HA Active Passive mode with the actual VMs (4 NICs)

Thanks,

Regards,

Wassim

FortiGate

boneyard

Valued Contributor

i don't think that is possible, the base setup requires 4 NICsand there isn't a 6 NIC solution so you have to move to 8 NICs then.

as you have been looking a deployment models none of them show what you are doing:

"All 4 interfaces are used for policies (outside,dmz,internal,on-premise)."

the way FortiGate in Azure (and other clouds) is that you use an internal and external side and you use user based routing to send traffic from the different internal networks to the FortiGate.

your method will work, but as you notice you run into issue due to the limited NICs available.

wmaatougAuthor

New Member

Thanks @boneyard.

soheil_amiri

New Member

hi wmaatoug

for changing mode from AA to AP you need only 1 extra NIC for HB, you can use your internal or on-premise network as a management netowkr. but you need HB NIC for internal communication.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded