Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

Support HA between AZs  6.2.1

High availability (HA) between availability zones (AZs) on Azure is supported.

Azure HA solves the problem of availability when a FortiGate goes down. Azure HA across AZs solves the problem of what happens when Azure goes down, which ensures the maximum amount of uptime for customers.

To configure HA between AZs:
  1. Ensure FortiGate A and FortiGate B are in different availability zones in Azure.

    In the following example, FortiGate A is in availability zone 1:

    FortiGate B is in availability zone 2:

  2. For each FortiGate, go to Identity > System assigned, and set Status to On.

  3. For each FortiGate, under Add role assignment, set Role to Contributor.

  4. Set the public IP address:

    1. For the SKU option, select Standard.
    2. In the Availability zone list, select Zone-redundant.

  5. Failover is configured.

    fgtb # HA event
    				Become HA master mode 2
    				azd sdn connector  getting token
    				token size:1328
    				token expire on:1562718611
    				resourcegroup:thomasHArg, sub:2f96c44c-cfb2-4621-bd36-65ba45185e0c
    				get pubip p1
    				found pub ip p1
    				id /subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/resourceGroups/thomasHArg/providers/Microsoft.Network/networkInterfaces/anic1/ipConfigurations/ipconfig1
    				remove public ip in nic anic1
    				result:200
    				remove public ip p1 in ipconfig ipconfig1
    				updating nic:anic1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "InProgress"
    				}
    				status:InProgress
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "InProgress"
    				}
    				status:InProgress
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    				remove is done 0
    				add public ip in nic bnic1
    				result:200
    				add public ip p1 in ipconfig ipconfig1
    				updating nic:bnic1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/524f4202-d597-42fa-8b72-b7f90bb4dee6?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    				get route table rt1
    				result:200
    				matching route:r1:r1
    				set route r1 nexthop 20.0.1.5
    				updating route table:rt1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/425d3b00-7ea5-4979-aebc-7141f33f2a8f?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    			nexthop and add is done

Support HA between AZs  6.2.1

High availability (HA) between availability zones (AZs) on Azure is supported.

Azure HA solves the problem of availability when a FortiGate goes down. Azure HA across AZs solves the problem of what happens when Azure goes down, which ensures the maximum amount of uptime for customers.

To configure HA between AZs:
  1. Ensure FortiGate A and FortiGate B are in different availability zones in Azure.

    In the following example, FortiGate A is in availability zone 1:

    FortiGate B is in availability zone 2:

  2. For each FortiGate, go to Identity > System assigned, and set Status to On.

  3. For each FortiGate, under Add role assignment, set Role to Contributor.

  4. Set the public IP address:

    1. For the SKU option, select Standard.
    2. In the Availability zone list, select Zone-redundant.

  5. Failover is configured.

    fgtb # HA event
    				Become HA master mode 2
    				azd sdn connector  getting token
    				token size:1328
    				token expire on:1562718611
    				resourcegroup:thomasHArg, sub:2f96c44c-cfb2-4621-bd36-65ba45185e0c
    				get pubip p1
    				found pub ip p1
    				id /subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/resourceGroups/thomasHArg/providers/Microsoft.Network/networkInterfaces/anic1/ipConfigurations/ipconfig1
    				remove public ip in nic anic1
    				result:200
    				remove public ip p1 in ipconfig ipconfig1
    				updating nic:anic1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "InProgress"
    				}
    				status:InProgress
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "InProgress"
    				}
    				status:InProgress
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/17da0243-7bbf-4a5e-ad87-affe65d12212?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    				remove is done 0
    				add public ip in nic bnic1
    				result:200
    				add public ip p1 in ipconfig ipconfig1
    				updating nic:bnic1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/524f4202-d597-42fa-8b72-b7f90bb4dee6?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    				get route table rt1
    				result:200
    				matching route:r1:r1
    				set route r1 nexthop 20.0.1.5
    				updating route table:rt1
    				result:200
    				waiting for operation:https://management.azure.com/subscriptions/2f96c44c-cfb2-4621-bd36-65ba45185e0c/providers/Microsoft.Network/locations/northeurope/operations/425d3b00-7ea5-4979-aebc-7141f33f2a8f?api-version=2018-06-01
    				result:200
    				{
    				"status": "Succeeded"
    				}
    				status:Succeeded
    				end wait:0
    			nexthop and add is done