You can configure active-passive HA with two FortiGate-VM instances using HAVIP, which is configurable on the AliCloud platform. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while keeping switching time minimal.
In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an EIP for VPC inbound traffic.