vvikash
Staff
Article Id 272659
Description

This article describes the FortiGate HA sync issue that occurs when different EC2 instance types are selected for the cluster members.

Scope

Issues can occur in both single-zone and multi-zone high-availability setups.

Refer to the article below to set up HA:

Technical Tip: How to setup FortiGate-VM A-P HA on AWS within one zone

Solution

Case 1:

Both FortiGate instances are of the same size (pictures are attached for reference):

[Image: vvikash_0-1694105919703.png]

[Image: vvikash_1-1694105919710.png]

High Availability (HA) can be observed in sync:

[Image: vvikash_6-1694105985811.png]

[Image: vvikash_7-1694105985814.png]

Failover happens as expected:

[Image: vvikash_10-1694106007212.png]

Case 2:

The instance type is different (FortiGate1 is t3.xlarge and FortiGate2 is c6i.xlarge). With identical configurations, it can be observed that HA is not in sync, as shown below:

[Image: vvikash_11-1694106057556.png]

[Image: vvikash_12-1694106067258.png]

Result:

For HA to function in AWS, it is necessary to have instances of the same type and size.
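
One way to check this before forming the cluster, as an added example that is not part of the original article or of Fortinet's tooling: the script compares the EC2 instance types of the intended HA members and fails on a mismatch. The function names and the sample instance IDs are assumptions made for illustration; the live query needs the AWS CLI with credentials that allow `ec2:DescribeInstances`.

```shell
#!/bin/sh
# Added example: pre-flight check that FortiGate-VM HA members share one
# EC2 instance type. Function names are hypothetical, not Fortinet's.

# Constructed sample data (placeholder instance IDs), one "<id> <type>" per line.
SAME_TYPE_SAMPLE='i-0aaaaaaaaaaaaaaa1 c6i.xlarge
i-0aaaaaaaaaaaaaaa2 c6i.xlarge'
# The mismatch from Case 2 of the article: t3.xlarge paired with c6i.xlarge.
MIXED_TYPE_SAMPLE='i-0aaaaaaaaaaaaaaa1 t3.xlarge
i-0aaaaaaaaaaaaaaa2 c6i.xlarge'

# Print "<instance-id> <instance-type>" for each instance ID given as argument.
fetch_instance_types() {
    aws ec2 describe-instances --instance-ids "$@" \
        --query 'Reservations[].Instances[].[InstanceId,InstanceType]' \
        --output text
}

# Read "<instance-id> <instance-type>" lines on stdin.
# Returns 0 if all members share one type, 1 on a mismatch,
# 2 if fewer than two members were supplied (e.g. the AWS query failed).
check_ha_instance_types() {
    awk '
        NF >= 2 {
            count++
            if (!($2 in seen)) { seen[$2] = 1; types++ }
            members = members sprintf("  %s  %s\n", $1, $2)
        }
        END {
            if (count < 2) {
                print "ERROR: need at least two HA members" > "/dev/stderr"
                exit 2
            }
            if (types > 1) {
                print "MISMATCH: HA members use different instance types:" > "/dev/stderr"
                printf "%s", members > "/dev/stderr"
                exit 1
            }
            print "OK: all HA members use the same instance type"
        }'
}

# Live use: ./check_ha.sh <instance-id-1> <instance-id-2>
if [ "$#" -ge 2 ]; then
    fetch_instance_types "$@" | check_ha_instance_types
fi
```

Run it in a deployment pipeline or before resizing either node, since changing one member's instance type later recreates the Case 2 condition.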
