Fortinet white logo
Fortinet white logo

AliCloud Administration Guide

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

You can configure active-passive high availability (HA) with two FortiGate-VM instances using HA virtual IP addresses (HAVIP), which is configurable on the AliCloud platform. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while minimizing switching time.

In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an elastic IP address for VPC inbound traffic.

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

You can configure active-passive high availability (HA) with two FortiGate-VM instances using HA virtual IP addresses (HAVIP), which is configurable on the AliCloud platform. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while minimizing switching time.

In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an elastic IP address for VPC inbound traffic.