Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vvikash
Staff
Staff

Created on ‎09-07-2023 09:40 PM

Article Id 272659

Technical Tip: AWS HA issue when using different instance types

Description

This article describes the FortiGate sync issue if different types of EC2 instances are selected.
Scope

Issues can occur in both single-zone and multi-zone high-availability setups.

Refer to below article to set up HA:

Technical Tip: How to setup FortiGate-VM A-P HA on AWS within one zone
Solution

Case 1:

When both FortiGate instances are of the same size: Pictures are attached for reference:

 

vvikash_0-1694105919703.png

 

vvikash_1-1694105919710.png

 

High Availability (HA) can be observed in sync:

 

vvikash_6-1694105985811.png

 

vvikash_7-1694105985814.png

 

Failover is happening as expected:

 

vvikash_10-1694106007212.png

 

Case2:

The instance type is different (FortiGate1 is t3.xlarge and FortiGate2 is c6i.xlarge). With identical configurations, it can be observed that HA is not in sync, as shown below:

 

 
vvikash_11-1694106057556.png

 

 

vvikash_12-1694106067258.png

 

Result:

For HA to function in AWS, it is necessary to have instances of the same type and size.
262
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.