Description
This article describes cases where it is not possible to assign different IP addresses to the WAN or LAN interfaces of the two HA nodes: when the IP is changed manually on one node, HA synchronization copies the change to the other node.
Example:
FGT A - port1 - 10.0.0.13
FGT B - port1 - 10.0.0.12
This can cause HA synchronization issues, and failover may fail, because in the public cloud each node must have its own set of IP addresses. This behavior can sometimes be seen in new deployments or after upgrades.
By default, a one-zone deployment may not contain the exceptions that prevent the interface configuration from syncing.
Scope
FortiGate cluster on the public cloud (e.g. AWS or Azure) within the same zone (network).
Solution
To avoid this issue, create an exception so that the interface IPs will not sync.
This way it is possible to apply the IPs statically and correctly without them being synced to the other member.
Apply these settings on both members of the cluster:
Created exception:

    config system vdom-exception
        edit 1
            set object system.interface
        next
    end
Note: since the interface configuration no longer synchronizes, any future changes to the interfaces must be applied and validated on both members.
It is not necessary to have more exceptions than in a 'multi-zone deployment', because the routing and VIPs will be the same, since both nodes are in the same network.
After these steps, it will be possible to change the IP addresses.
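To confirm on both members that the exception is in place and that each node ended up with its own port1 address, the following added example (not from this article or from Fortinet) parses a FortiOS configuration export from each node and reports any node missing the system.interface vdom-exception or any pair of nodes sharing the same interface IP. The two sample exports below are constructed to mirror the article's example (FGT A on 10.0.0.13, FGT B on 10.0.0.12), plus a third showing the synced state before the fix; the parser handles only the config/edit/set/next/end subset of the CLI syntax that appears in such exports.

```python
import ipaddress
import shlex


def parse_fortios_config(text):
    """Parse a FortiOS 'show' export into nested dicts.

    'config <path>' opens a table, 'edit <name>' opens an entry,
    'set <key> <values...>' stores a value list, and 'next'/'end'
    close the current entry/table. Only this subset is handled.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)        # handles quoted names such as "port1"
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("config", "edit"):
            child = stack[-1].setdefault(" ".join(args), {})
            stack.append(child)
        elif keyword == "set":
            stack[-1][args[0]] = args[1:]
        elif keyword in ("next", "end"):
            stack.pop()
    return root


def interface_exception_present(cfg):
    """True if some 'system vdom-exception' entry covers system.interface."""
    exceptions = cfg.get("system vdom-exception", {})
    return any(entry.get("object") == ["system.interface"] for entry in exceptions.values())


def interface_ip(cfg, name):
    """Return the static IPv4 address/mask of an interface, or None if unset."""
    entry = cfg.get("system interface", {}).get(name)
    if not entry or "ip" not in entry:
        return None
    addr, mask = entry["ip"]
    return ipaddress.IPv4Interface(f"{addr}/{mask}")


def check_cluster(node_configs, interface="port1"):
    """Return a list of findings for a two-node cluster; empty means all checks pass.

    Checks: the vdom-exception exists on every node, the interface has a static IP,
    the two nodes do not share an address, and (single-zone assumption) both
    addresses sit in the same subnet.
    """
    findings, ips = [], {}
    for node, text in node_configs.items():
        cfg = parse_fortios_config(text)
        if not interface_exception_present(cfg):
            findings.append(f"{node}: no vdom-exception for system.interface, interface IPs will sync")
        ip = interface_ip(cfg, interface)
        if ip is None:
            findings.append(f"{node}: {interface} has no static IP")
        else:
            ips[node] = ip
    if len(ips) == 2:
        (a, ip_a), (b, ip_b) = ips.items()
        if ip_a.ip == ip_b.ip:
            findings.append(f"{a} and {b} share {ip_a.ip} on {interface}; each node needs its own address")
        elif ip_a.network != ip_b.network:
            findings.append(f"{a} and {b} are in different subnets on {interface}; unexpected for a one-zone deployment")
    return findings


# Constructed sample exports (not real device output): both nodes after the fix.
FGT_A_CONFIG = """\
config system vdom-exception
    edit 1
        set object system.interface
    next
end
config system interface
    edit "port1"
        set ip 10.0.0.13 255.255.255.0
        set allowaccess ping https ssh
    next
end
"""
FGT_B_CONFIG = FGT_A_CONFIG.replace("10.0.0.13", "10.0.0.12")

# Constructed export of FGT B in the synced state before the fix:
# no exception, and port1 carries FGT A's address.
FGT_B_SYNCED_CONFIG = """\
config system interface
    edit "port1"
        set ip 10.0.0.13 255.255.255.0
        set allowaccess ping https ssh
    next
end
"""

if __name__ == "__main__":
    for label, configs in (
        ("after fix", {"FGT A": FGT_A_CONFIG, "FGT B": FGT_B_CONFIG}),
        ("before fix", {"FGT A": FGT_A_CONFIG, "FGT B": FGT_B_SYNCED_CONFIG}),
    ):
        print(f"{label}: {check_cluster(configs) or 'OK'}")
```

Run it against the output of `show system vdom-exception` and `show system interface` collected from each member; an empty findings list means the exception exists on both nodes and the addresses are distinct within the shared subnet.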
Related documents:
Fortinet Docs: Deploying FortiGate-VM active-passive HA on AWS within one zone
GitHub: FortiOS FGCP AP HA (Single AZ) in AWS
Deployment templates for FortiGate | Microsoft Azure
Other Knowledge Base Articles: Technical Tip: HA FortiGate configurations that will sync and will not sync
Copyright 2025 Fortinet, Inc. All Rights Reserved.