Do you know any benefits of using additional Load Balancer?

@@williamgregoire5090 Not a lot that I can think of. With separately managed LB, you only provision one Public IP address resource for the HA stack and the load balancer monitors the backend Fortigate VMs to determine which of the two HA members the public IP address should be assigned to. It works just as fine as a Fabric connector failover but with Fabric connector approach, at least I'm not managing and paying for Internal and external load balancers.

Great, thank you!

that would be great, just what I am looking for

Ever find out a method for doing this? I'm contemplating the same for an existing subscription. It's a debate between add a fortigate and do this all manually or use the template and move vm's to the new production subnet.

The easiest is to deploy a cluster next to the existing single VM and import the config into the cluster so you can test before migration. With UDRs you can move just a single subnet to the new setup. Migrating would mean you need to have the single FGT in an Availability Set or you need to move the VM into a zone. The latest Single VM templates allow you to add a FortiGate VM into an existing AV Set or AV Zone. Secondly you need to add extra network interfaces for the HA Sync and HA mgmt. Also if you are using Basic SKU public IPs I would move them to Standard SKU IPs and use the FortiGate Active/Passive ELB/ILB setup. Faster failover and less overhead in configuring routetable sync in the SDN connector.