Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiWeb OCI active - passive

What is the process for configuring two FortiWeb in HA A-P on OCI Cloud? Does it need to have Oracle LB to achieve active-passive HA according to the FortiWeb Document? or simply the configuration will be sync using HA Heart Beat ports and both have the same configuration?

is it recommended for the WAF to be after or before oracle LB in case the LB is a must in A-P scenario ?

Community Manager
Community Manager

Hello ANQ710,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Anthony-Fortinet Community Team.

Hi @ANQ710 ,


The process of Configuring FortiWeb in A-P on OCI cloud is described in below articles. 


In FortiWeb Active-Passive scenario in OCI, The configuration between Active and Standby will synchronize automatically using the FortiWeb HA  function, but you still need a OCI Loa balancer front ending the FortiWeb to Distribute the load to Active FortiWeb. OCI Cloud will monitor the Active FortiWeb IP (Port1 IP usually which is only available on the active node) and will forward the traffic to the Passive FortiWeb only if the Health Check fails on Active node. Meanwhile FortiWeb will communicate with Oracle Cloud API to move the Virtual IP address(Port1IP address) from Active to Passive device during the Time of Failover and this achieved by configuring a SDN connector in the FortiWeb.


LB should be before FortiWeb for Load Distribution to the correct FortiWeb which is currently active.


If you still have any doubts on this please post reply to this and someone would be able to give you a better guidance. 


Best Regards

Top Kudoed Authors