lpizziniaco
Staff
Article Id 346101
Description This article describes how an Active-Active (A-A) cluster deployed on Azure must be configured to avoid malfunctions.
Scope Azure FortiGate
Solution

Setting up a FortiGate autoscale Active-Active cluster on Azure can be challenging and can lead to common issues, all of which are manageable. It is critical to understand that the deployment of such a cluster relies on the integration of two technologies: FortiGate and the Azure infrastructure. Both components must work together to achieve a successful configuration.

 

After deploying the cluster, it is important to verify some settings to ensure stability and functionality. If FortiGate Session Persistence (FGSP) is required, the HA configuration must be set as follows:

 

config system ha
    set session-pickup enable
    set session-pickup-connectionless enable
    set session-pickup-nat enable
    set session-pickup-expectation enable
    set override disable
end

 

For more details, refer to https://github.com/fortinet/azure-templates/tree/main/FortiGate/Active-Active-ELB-ILB#north-south-tr....
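The following Python check is an added example, not part of the original article or of Fortinet's tooling: it parses saved CLI output and reports every HA option that deviates from the settings listed above. It assumes the text was captured with `show full-configuration system ha`, because the plain `show` output omits options left at their defaults; the sample output and the function names are constructed for illustration.

```python
import re

# HA options the article requires when FGSP session sync is needed.
REQUIRED_HA = {
    "session-pickup": "enable",
    "session-pickup-connectionless": "enable",
    "session-pickup-nat": "enable",
    "session-pickup-expectation": "enable",
    "override": "disable",
}

def parse_ha_block(config_text):
    """Return {option: value} for the top-level 'set' lines of 'config system ha'."""
    settings, depth, in_ha = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_ha:
            in_ha = line == "config system ha"
            depth = 1 if in_ha else 0
            continue
        if line.startswith("config "):
            depth += 1  # nested table: its 'set' lines are not HA options
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit_ha(config_text):
    """Return {option: (expected, found)} per deviation; found is None if the option is absent."""
    found = parse_ha_block(config_text)
    return {k: (v, found.get(k)) for k, v in REQUIRED_HA.items() if found.get(k) != v}

# Constructed sample output, not taken from a real device.
SAMPLE = """\
config system ha
    set session-pickup enable
    set session-pickup-connectionless enable
    set session-pickup-nat disable
    set override disable
end
"""

if __name__ == "__main__":
    for opt, (want, got) in audit_ha(SAMPLE).items():
        print(f"{opt}: expected {want}, found {got or 'not shown'}")
```

Run it against the output of every cluster member; an option reported as "not shown" has not been verified and should be checked on the device.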

 

Review the load-balancing rules for both the internal and external load balancers; they are essential for the correct operation of the cluster.

 

Below is an example of how an external load-balancing rule must be configured:

 

[Screenshot: external load-balancing rule, lpizziniaco_0-1727772118585.png]

 

Here is an example of an internal load-balancing rule:

 

[Screenshot: internal load-balancing rule, lpizziniaco_1-1727772118590.png]

 

Once all of these suggestions are correctly implemented, the cluster is expected to work properly.

Related documents:
How to configure FortiGate Active-Active ... - Fortinet Community

Load Balancer TCP Reset and idle timeout in Azure - Azure Load Balancer | Microsoft Learn

azure-templates/FortiGate/Active-Active-ELB-ILB at main · fortinet/azure-templates (github.com)