wmaatoug
New Contributor

HA Active Passive with 4 nics VM and 4 ports for policies

Hi,

I have two 4-NIC Azure VMs supporting FortiGates (Standard F4 Azure VM). All 4 interfaces are used for policies (outside, dmz, internal, on-premise). Actually I'm using HA Active Active using FortiGate in Standalone mode + FGSP + Azure Load Balancer.

But I do want to migrate to HA Active Passive mode to reduce costs (Azure LBs).

I checked the HA Active Passive mode and found that I need two extra interfaces for HA & MGMT, and that HA interfaces have link-local IP addresses, and the dedicated HA MGMT ports are not subject to Firewall Policies.

In Azure, the number of max NICs depends on the VM size. In my case I need to upgrade from Standard F4 to Standard F8.

This is oversized and will cost much more than the actual architecture. I'm searching for a solution to get HA Active Passive mode with the actual VMs (4 NICs).

Thanks,

Regards,

Wassim

boneyard
Valued Contributor

i don't think that is possible, the base setup requires 4 NICs and there isn't a 6 NIC solution so you have to move to 8 NICs then.

as you have been looking at deployment models, none of them show what you are doing:

"All 4 interfaces are used for policies (outside,dmz,internal,on-premise)."

the way FortiGate in Azure (and other clouds) works is that you use an internal and external side and you use user based routing to send traffic from the different internal networks to the FortiGate.

your method will work, but as you notice you run into issues due to the limited NICs available.

wmaatoug

Thanks @boneyard.

soheil_amiri
New Contributor

hi wmaatoug

for changing mode from AA to AP you need only 1 extra NIC for HB, you can use your internal or on-premise network as a management network. but you need HB NIC for internal communication.
