Fortigate Azure HA Setup Changes

Reshan1996 · ‎11-21-2024

In my azure environment have Fortigate HA Cluster with external load balancer and internal load balancer. Everything find normally but my issue is both active and passive firewall in same region and same zone. I need to break passive firewall from cluster and create new fortigate vm in same vnet in azure same region but different zone and setup ha with primary firewall. If any one have an idea about this, Please help for this.

Reshan1996 · ‎11-21-2024

Any update ?

JoerVan · ‎11-21-2024

Hi,

There are 2 options for migration between zones in the same region.

The blog below will allow you to retain the config and license on the unit.

https://nicolgit.github.io/Moving-a-virtual-machine-between-availability-zones-in-Azure/

An alternative is to create a backup of an existing VM, shutdown the VM, deploy a new single VM fortiGate using the Azure Marketplace or ARM template in the desired zone (select the availability option and correct name in the second tab during deployment), upload the license and config. You might need to change IP addresses in the FGT config as the new deployment will have different IPs.

Joeri

Eat, breathe, sleep cloud

bam · ‎11-21-2024

I believe if you deployed using arm/bicep then after you delete the VM with boot disk (while leaving all the rest, like nics) and redeploy the updated template your VM should keep the same ipconfig and addresses.

Reshan1996 · ‎11-22-2024

Noted, But any possibility to create new vm and break out secondary firewall from ha cluster and our new create vm connect to with primary firewall.

Fortigate Azure HA Setup Changes

Nominate a Forum Post for Knowledge Article Creation