This article describes, the issue with Floating IP not shift from FortiGate previous Master VM, to the new active firewall, during the HA failover.
The debug logs from AZD process on the new active firewall VM during the time of failover, shows, azd api failed with error: 403 'AuthorizationFailed':
- AZD debug on the Slave VM, during the HA Failover:
FGT-HA-Slave # diag debug application azd -1 <-----Debug messages will be on for 30 minutes.
In case the Azure SDN connector configured with service principal, make sure to have assigned the 'Contributor' role to the service principal account, under the IAM settings of Microsoft Azure.
If the Azure SDN connector has managed identity enabled instead of service principal, make sure the system assigned managed identity is enabled for the VMs.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.