I'm setting up a FortiGate on Azure in an HA active/active setup as described in the docs: https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/983245/ha...
Specifically, I've followed the template here: https://github.com/40net-cloud/fortinet-azure-solutions/tree/main/FortiGate/Active-Active-ELB-ILB
What baffles me for this solution is that I have to set up on the external load balancer two inbound NAT rules per port, one for FW A and one for FW B, but the frontend ports have to be different.
Therefore, how can I set up a rule for SSL-VPN?
On each FW I've set up an SSL-VPN on port 10443.
Then I've set up NAT rules as follows:
FW A: frontend port 60443, internal 10443
FW B: frontend port 60444 (it can't be the same as FW A), internal 10443
How can I set up FortiClient? If I say remote port 60443, then if FW A is down it doesn't work.
Am I missing something?