You can configure Active-Passive High Availability (HA) with two FortiGate-VM instances using Highly Available Virtual IP (HAVIP), which is configurable on the AliCloud platform. FortiGate configuration is synchronized between the two instances. When a primary/master FortiGate is down, a failover to a secondary/slave FortiGate occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate while keeping switching time minimal.
AliCloud VPC cannot create multiple route tables, and the VPC only support one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route will point to the HAVIP. VPC outbound traffic will forward to HAVIP, then forward to master FortiGate. You will also have to bind HAVIP to an EIP for VPC inbound traffic.