Fortinet black logo

AliCloud Administration Guide

Home FortiGate Public Cloud 6.2.0 AliCloud Administration Guide

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 277ff5c4-41cb-11e9-94bf-00505692583a:647589
Download PDF

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

You can configure active-passive HA with two FortiGate-VM instances using HAVIP, which is configurable on the AliCloud platform. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while keeping switching time minimal.

In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an EIP for VPC inbound traffic.

Previous
Next

Deploying and configuring FortiGate-VM on AliCloud using HAVIP

You can configure active-passive HA with two FortiGate-VM instances using HAVIP, which is configurable on the AliCloud platform. FortiGate-VM configuration is synchronized between the two instances. When a primary FortiGate-VM is down, a failover to a secondary FortiGate-VM occurs while sessions are kept, and the secondary unit is promoted to become the primary unit. HAVIP forwards traffic to the new primary FortiGate-VM while keeping switching time minimal.

In this scenario, the AliCloud VPC cannot create multiple route tables, and the VPC only supports one-arm deployment mode. HAVIP covers an inter-VPC service, and the VPC default route points to the HAVIP. VPC outbound traffic forwards to the HAVIP, then forwards to the primary FortiGate-VM. You must bind the HAVIP to an EIP for VPC inbound traffic.

Previous
Next