my fortigate has v6.4.3 with HA and i want upgrade to 7.2.8, and of course there's some step upgrade to get 7.2.8. nah when upgrade to 6.4.5, is there downtime when upgrade per step and while swing traffic? how mant time rto?

Session will not eatablish since syn, syn-ack, ack will not be formed. Firewall 1 would expect the return traffic but the return traffic is coming on fw 3. So session will not bw formed. It wont work

It will be assymetric traffic

Well done sajid

very well drawn diagrams, i appreciate the time spent on how neat they are.

If firewall with HA configured can we upgrade firmware from centralized manager also if we do both device will reboot same time ?

Hands down the best explanation for PA NVA Firewall Design in Azure.

شکریہ بھائی

Both given link not working

Is it the process while downgrading please?

very informative

Great explanation. You should have more videos about the other design model in the guide.

How about the outbound internet traffic? Can we route outbound internet traffic from multiple firewalls using outbound load balancers? That way it will always have same outbound public ip address.

hi, do you provide consultancy services? if yes, how do we reach out to you?

hi, do you provide consultancy services?

49:55 , what if internal wants to go to internet, here you didn't specify the default to internet

Fantastic explanation, thank you!

Hi..., I have two Fortinet 100F in an A-P cluster, with firmware v6.4.5 and I want to upgrade to v7.2.4. From what I can see in the GUI, the upgrade roadmap involves 4 intermediate versions, to then get to 7.2.4. My query would be then..., (defining the same Priority for each node and disabling the Override, as you recommend), could I start the upgrade without major considerations and without affecting the user sessions? And on the other hand, the updates would be progressive, that is to say, first, the whole process of updating to 7.2.4, of a node and then the other ..., or each node would be updated, alternatively, to each intermediate version of the roadmap? Thank you very much for your time

You are not answering the questions that is why the students are confused. For example You did not clearly explain the meaning and intention of the availability zone - which is zone of one or more data centres

A very thorough explanations, thank you for your work!

Very well explained. Thank you so much

Very well explained thank you it helped me in my new project

Hello I have a question related to this .. Let's say we 2 NVA ( Palo Alto vm-300) in HA ( active passive) & I have 2 VMS as web servers Questions -- - I want to route both inbound and outbound (internet) traffic of web servers via NVA ... How should I do it ?? Should I have a internal azure lb >> add webservers as backend members to lb >> create a vip && point it towards the trust interface of NVA - Palo Alto ?? && For VMS have a UDR & default route towards the lb ??? What will happen if a failover happens at NVA - Palo Alto , how the traffic switch will happen in this case ??

kzbin.info/door/9zVmz9afR7wIfE_xLPbwCg

Very well explained Thanks !

THANKS DEAR VERY HELPFUL VIDEO

I see you opened two web-interfaces with different IP-addresses. The second is the web-interface of slave-unit or Forti-manager? Cos in our HA-cluster slave-unit get same IP as master, so I don`t understand what did you check when pinging. Or yours HA mode is Active/Active?..

hello sir i dont have any demo license and i want to apply for 30 days free trial license could you help me

So, just upgrade the master then the second fortigate will upgrade also ?

How about the UDR setup that needs to be done to forward traffic from all protected subnets to the FW and out to the internet? It is difficult to do as there are load balancers involved both internal and external...

Asalaumalkum, BarakAllah feek for this excellent teaching of knowledge. The template seems to have been deprecated and I get pointed to an "updated version" but that updated version is a template for ELB & ILB which I don't want. I tried searching using the URL in your video but that does not exist anymore it seems :(

Thanks for the great explanation. I have recorded Azure advance routing scenarios with respect to Azure PaloAlto deployment. kzbin.info/www/bejne/hpfPf32rmqeFoZI

Excellent video, I have a query for Where to get the license to practice a Lab.

you explained the difficult concept in deadly easy manner. Fabulous, Great job.

Well explained! thanks much. Please bring more topics.

Active/Active cannot be deployed Azure or other public clouds as per Palo docs.

Please upload the slides.

We have deployed Active passive using loadbalancer but when failover occur ip address of firewall don't switch and now VIP as well as static routes are getting sync . We are not able to access SSL VPN and IpSec tunnel due to this . Anyone has deployed it

nicely explained, but problem is Audio issue, Please fix that because withought proper Video/Audio even good content could not appreciated. Thank you

Will there downtime when upgrading HA ?

Great explanation I am just confused about how this is configured in terms of availability sets , are you able to explain ?

superb explanation sir

someone deploy two firewall in HA in different regions?

Excellent work. the number 9 is repeated. Will you make video 10 available?

Great training

How many VR per firewall? With back and frontend LB how do you do the check of FW from LB?

Very useful

By default , the networks adapter come without Azure Accelerate Networking enable, Any issue if I want to do this change in the Azure

I have a issue, with my Fortigates deploy with SDN connector, when I want to do a HA test, reboot the master firewall an them look the traffic in the slave firewall but the Azure UDRs routing tables don't update, in the SDN connector each firewall is well configured. Can you help me?

Cleared many doubts.. thank you very much. Please upload F5 Lm