How to Deploy SDN-HA FortiGate VM in Azure [FortiGate and Fabric Connector Setup]

  • Published 6 Nov 2024

COMMENTS • 17

  • @andrewcullen7336 1 month ago +2

    You don't get enough credit for this video. The documentation does not cover anywhere close to what you go through. I searched for a long time as I could not get my failover working and asked in the official Discord and nobody helped. Watched your video and it explained it very well. Thank you for doing the video.

  • @SmallvilleJW 19 days ago

    Awesome video! This was so helpful and clear. Thank you very much!

  • @goodupandit3640 2 years ago +1

    I've never seen a video this beneficial before.

  • @jasonredwine2916 1 year ago

    Best video I have seen of this yet! Both MS and FGT support sent me links to some craziness, but this was clear and concise, but, mostly, EXACTLY what MS/FGT should have produced. Thanks for doing their work! A+ video!

  • @13Anant 2 years ago +1

    Concise and to the point. I've always used ILB/ELB for HA in Azure but it turns out the Fabric Connector is a much more efficient way of managing HA and failover. Thanks heaps :)

    • @williamgregoire5090 1 year ago

      Do you know any benefits of using additional Load Balancer?

    • @13Anant 1 year ago

      @williamgregoire5090 Not a lot that I can think of. With a separately managed LB, you only provision one Public IP address resource for the HA stack and the load balancer monitors the backend FortiGate VMs to determine which of the two HA members the public IP address should be assigned to. It works just as fine as a Fabric connector failover but with the Fabric connector approach, at least I'm not managing and paying for Internal and external load balancers.

    • @williamgregoire 1 year ago

      Great, thank you!

  • @EyeIn_The_Sky 2 years ago +5

    I wish you would do a tutorial showing a similar HA setup but with External and Internal Load balancers involved :/

    • @aminderpuri640 2 years ago

      That would be great, just what I am looking for.

  • @ashokfaujdar6367 1 year ago

    Really helpful information and I did a similar config as you demonstrated, thanks man!

  • @williamgregoire5090 1 year ago

    Is there any advantage of implementing Active/Passive with ILB/ELB over this model with the Fabric Connector?
    After seeing this video I don't see any (it costs more, and I have more components to manage with additional LoadBalancers)?
    Thank you for your help and great video

  • @nemanjaserafimovic9939 1 year ago

    Thanks for this video! The best explanation of this scenario I've ever seen! Could you please cover the Active - Active scenario with Load Balancers as well?

  • @aminderpuri640 2 years ago

    Hi, I was wondering what you need to do to get the fortigate to update other routes you may have in the routing table when switching over to the secondary firewall?

  • @princeboothe9200 2 years ago +1

    If a Single VM for Fortigate was deployed and I want to add another Fortigate to create HA, can I use the marketplace or do I use the ARM template?

    • @SpacezCowboy 2 years ago

      Ever find out a method for doing this? I'm contemplating the same for an existing subscription. It's a debate between adding a FortiGate and doing this all manually or using the template and moving VMs to the new production subnet.

    • @joerivanhoof5820 2 years ago

      The easiest is to deploy a cluster next to the existing single VM and import the config into the cluster so you can test before migration. With UDRs you can move just a single subnet to the new setup. Migrating would mean you need to have the single FGT in an Availability Set or you need to move the VM into a zone. The latest Single VM templates allow you to add a FortiGate VM into an existing AV Set or AV Zone. Secondly, you need to add extra network interfaces for the HA Sync and HA mgmt. Also, if you are using Basic SKU public IPs I would move them to Standard SKU IPs and use the FortiGate Active/Passive ELB/ILB setup. Faster failover and less overhead in configuring route table sync in the SDN connector.