Skip to main content
simonorch
simonorch
Explorer
June 17, 2022
Question

IPsec and Azure fortigates in stand alone load balancer sandwich

  • June 17, 2022
  • 2 replies
  • 2179 views

We have 2 standalone Azure Fortigates (7.0) in a load balancer sandwich, managed by FMG. We're looking to replace the Azure VPN gateway with IPSec on the Fortigates to our onprem Fortigate cluster.

 

I'm looking for a reference design for the IPSec tunnels and associated routing or if anyone has done it this way?

 

Currently i have dialup tunnels from Azure fortigates to onprem but failover and loadbalancing doesn't work so well. I'm thinking perhaps i need OSPF or BGP but am unsure.

 

Any tips?

 

 

 

 

2 replies

A
Anonymous_User
Contributor
June 20, 2022

Hello @simonorch , 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

      Fortinet Community Team 

A
Anonymous_User
Contributor
June 20, 2022

Hi there,

Looking at your issue, this is more to designing the solution.

Do you mind to share your network diagram so i can get some idea?

simonorch
simonorchAuthor
Explorer
June 20, 2022

Hi

 

We have a basic 'active-active' set up with loadbalancers as per the admin guide. Azure has one public IP. The onprem FG is a standard A-P ha cluster.

There will in the future be a requirement for further IPSec tunnels to the azure side from other third party sources.

 

The idea was to get full use of both azure fortigates rather than a standard A-P set up. From what i have heard so far this may be possible but not perhaps advisable or best practice.

 

I have also spoken to our local SEs and they are investigating as well

 

 

FG-cloud.JPG

Terms & ConditionsAccessibility statement