JakeBlues
New Contributor

Azure Fortigate HA - Route to the working internal interface

Hi,

 

I've set up an active/passive configuration of Fortigate on Azure, running FortiOS 7.2.5 with SDN connector failover.

From the public IP site, no problems: when FW A is active, public IP points to it, and the same happens when FW B is active.

A problem arises when I need to set up routes from the internal networks, as per the following schematic:

[Image: VPN AD Fortinet.jpg]

 

What I'm trying to do is to allow remote office users to reach domain controller.

I need to set up the route table in order to allow the domain controller to reach remote office lan, but on Azure I can set up only one gateway, say 10.251.2.4 or 10.252.1.5.

 

How can I do that?

 

Thanks in advance.

 

vvarangoulis
Staff

Hello Jake,

Since you have an active/passive cluster, it means that only 10.251.2.4 or 10.252.1.5 will pass traffic, depending on which FGT is active/primary.
I guess you might need to configure the VDOM exceptions for the static routes so that each FGT will have its own static routes.

Fortinet Documentation - VDOM exceptions
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/105611/vdom-exceptions

Please mark the posts as solved if you have no further queries
--VV--
JakeBlues
New Contributor

Hi @vvarangoulis ,

 

could you please be a little more specific?

How will having different routes for every FGT solve my problem?

I have to set up a route table in the domain controller vNet so it can reach the internal interface of the FGT that's active.

So I need to use a static IP, but it changes depending on what FGT is active.

How will setting a VDOM exception solve my problem?

 

Thanks

vvarangoulis
Staff

The VDOM exceptions allow you to set different values, on each of your cluster FGTs, for the parts of the configuration that you specify.
Perhaps the AWS example in our documentation might be clearer than my explanation.

Check the bottom of the page
https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/aws-administration-guide/794353/depl...


Another example of those VDOM exceptions is in our GitHub documentation:

https://github.com/fortinet/azure-templates/blob/main/FortiGate/Active-Passive-ELB-ILB/doc/config-ou...

Please mark the posts as solved if you have no further queries
--VV--
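Added illustration of the two replies above; this is a constructed FortiOS CLI fragment, not configuration from the thread, from Fortinet's documentation, or from the linked templates. It assumes the addressing in the question (FGT A internal interface 10.251.2.4, FGT B internal interface 10.252.1.5), and everything else is an assumed value: the interface name "port2", the Azure subnet gateways 10.251.2.1 and 10.252.1.1, the Azure-side prefix 10.0.0.0/8, the SDN connector name "AzureSDN", and the route-table and route names. The first stanza is the VDOM exception the reply describes, which excludes the static route table from HA configuration sync so each member can carry routes that only make sense on its own subnet. The second stanza is an assumption about how the poster's existing SDN connector failover keeps the domain controller's Azure route table pointing at the active member's internal IP: the next-hop is set per unit, so the member that becomes primary rewrites the route to its own address.

```fortios
# Constructed example: all names and addresses below are assumptions.
# Assumed topology from the question:
#   FGT A internal port2 = 10.251.2.4 (subnet gateway 10.251.2.1)
#   FGT B internal port2 = 10.252.1.5 (subnet gateway 10.252.1.1)

# 1) On BOTH members: keep the static route table out of HA config sync,
#    so each unit retains the routes entered on it (the VDOM exception
#    from the reply above). "router.static" is the FortiOS object name.
config system vdom-exception
    edit 1
        set object router.static
    next
end

# 2) On FGT A only: reach Azure-side networks through A's own subnet gateway.
config router static
    edit 10
        set dst 10.0.0.0 255.0.0.0
        set gateway 10.251.2.1
        set device "port2"
    next
end

# 2) On FGT B only: same destination, but via B's own subnet gateway.
config router static
    edit 10
        set dst 10.0.0.0 255.0.0.0
        set gateway 10.252.1.1
        set device "port2"
    next
end

# 3) ASSUMED: Azure SDN connector with HA failover, which on a failover
#    rewrites the next hop of the domain-controller vNet route table.
#    Enter it on each member with that member's own internal IP as next-hop.
#    Shown for FGT A; on FGT B use "set next-hop 10.252.1.5".
config system sdn-connector
    edit "AzureSDN"
        set type azure
        set ha-status enable
        config route-table
            edit "rt-dc-vnet"
                config route
                    edit "to-remote-office-lan"
                        set next-hop "10.251.2.4"
                    next
                end
            next
        end
    next
end
```

After applying the exception, verify on each member with `get router info routing-table static` that the per-unit gateway survived an HA sync, and after a forced failover check the Azure route table for the domain controller's subnet to confirm the next hop now shows the new primary's internal IP rather than a stale one.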