
FortiGate Azure VM HA active/active SSL-VPN setup


I'm setting up a FortiGate on Azure in an HA active/active setup as described in the docs: 

Specifically, I've followed the template here: 


What baffles me for this solution is that I have to set up on the external load balancer two inbound NAT rules per port, one for FW A and one for FW B, but the frontend ports have to be different.


Therefore, how can I set up a rule for SSL-VPN?


On each FW I've set up an SSLVPN on port 10443.

Then I've set up NAT rules as follows:


FW A: frontend port 60443, internal 10443

FW B: frontend port 60444 (it can't be the same as FW A), internal 10443


How can I set up FortiClient? If I say remote port 60443, then if FW A is down it doesn't work.


Am I missing something?




Are you sure you need to do it this way?

Azure LB handles traffic failover using a health probe towards the FortiGate-VM. So really you would just have one IP:Port definition for your SSL VPN and the Azure LB will forward it to the correct Firewall.


Hi @JakeBlues ,


Did you manage to solve it?
I have a similar problem where I have a NAT of port 443 to an internal server, and it uses the same port on both firewalls, but once it fails over it does not work because the Firewall A NAT is above the Firewall B NAT. Can you shed some light on whether there is a way to do this?

