Hi,
I've set up an active/passive configuration of Fortigate on Azure, running FortiOS 7.2.5 with SDN connector failover.
From the public IP site, no problems: when FW A is active, public IP points to it, and the same happens when FW B is active.
A problem arises when I need to set up routes from the internal networks, as per the following schematic:
What I'm trying to do is to allow remote office users to reach domain controller.
I need to set up the route table in order to allow the domain controller to reach remote office lan, but on Azure I can set up only one gateway, say 10.251.2.4 or 10.252.1.5.
How can I do that?
Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Jake,
Since you have a cluster active passive, it means that only the 10.251.2.4 or 10.252.1.5 will pass traffic when each FGT is active/primary.
I guess you might need to configure the vdom exceptions for the static routes so each FGT will have it's own static routes
Fortinet Documentation - VDOM exceptions
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/105611/vdom-exceptions
Hi @vvarangoulis ,
could you please be a little more specific?
How having different routes for every FGT will solve my problem?
I have to set up a route table in the domain controller vNet so it can reach the internal interface of the FGT that's active.
So I need to use a static IP, but it changes depending on what FGT is active.
How setting VDOM exception will solve my problem?
Thanks
The vdom exceptions allows you to set different values at some parts of your configuration that you specify in your cluster FGTs.
Perhaps the AWS example in our documentation might be more clear than my explanation
Check the bottom of the page
https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/aws-administration-guide/794353/depl...
Another example for those vdom exceptions on our GitHub documentation
https://github.com/fortinet/azure-templates/blob/main/FortiGate/Active-Passive-ELB-ILB/doc/config-ou...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.