Deploying FortiManager HA instances on Azure
To deploy FortiManager instances on Azure:
-
In the Azure GUI, create the FortiManager instances in one Resource Group in the same or different subnets.
Different VNET is currently not supported as the Public IP being assigned is regional resource.
-
In the same Resource Group, create a Static Public IP to be used as the Virtual IP (VIP) of the FortiManager HA.
Alternatively, a Secondary Internal IP can also be used as the VIP if necessary. While creating the External IP, ensure that SKU is Basic and Tier is Regional, and the location is the same as that of the FortiManagerinstances. The External VIP is assigned to an instance when its mode is transitioned to Primary by the fmgutil to call Azure APIs from within the instance. -
For each FortiManager instance, navigate to the instance, go to Settings > Identity, and set System assigned to ON.
-
Under Azure role assignments, add a role capable of editing the VM with the Scope set as Resource Group.
You can now configure the HA settings in FortiManager. See Configuring FortiManager HA.
Deployment of FortiManager HA instances on Azure is supported in 7.2.5 and later and 7.4.2 and later. |