We recently went from a single FortiGate VM to an Active-Active pair using an Azure LB before and after. We previously had NAT off because one of the application servers needs the source IP of the traffic. Once we went active-active, we had to disable NAT because we were getting constant disconnects and our MSP said this was due to traffic getting routed back incorrectly. Once we enabled NAT, the errors went away.
Our problem now is that the application on the server can no longer see the source IP. Are there any other ways to get the source IPs passed along to the destination server? Please let me know if you need any additional info.