Deploying and configuring FortiGate-VM on AliCloud using HAVIP
You can configure active-passive high availability (HA) with two FortiGate-VM instances using HA virtual IP addresses (HAVIP), which you can configure on AliCloud. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while keeping switching time minimal.
In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an elastic IP address for VPC inbound traffic.