simonorch
Contributor

IPsec and Azure FortiGates in standalone load balancer sandwich

We have 2 standalone Azure FortiGates (7.0) in a load balancer sandwich, managed by FMG. We're looking to replace the Azure VPN gateway with IPsec on the FortiGates to our on-prem FortiGate cluster.

I'm looking for a reference design for the IPsec tunnels and associated routing, or has anyone done it this way?

Currently I have dialup tunnels from the Azure FortiGates to on-prem, but failover and load balancing don't work so well. I'm thinking perhaps I need OSPF or BGP but am unsure.

 

Any tips?

3 REPLIES
Anonymous
Not applicable

Hello @simonorch,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

      Fortinet Community Team 

Muhammad_Haiqal

Hi there,

Looking at your issue, this is more about designing the solution.

Do you mind sharing your network diagram so I can get some idea?

haiqal
simonorch

Hi

 

We have a basic 'active-active' setup with load balancers as per the admin guide. Azure has one public IP. The on-prem FG is a standard A-P HA cluster.

There will in the future be a requirement for further IPsec tunnels to the Azure side from other third-party sources.

The idea was to get full use of both Azure FortiGates rather than a standard A-P setup. From what I have heard so far this may be possible, but perhaps not advisable or best practice.

I have also spoken to our local SEs and they are investigating as well.

FG-cloud.JPG
