Microsoft Azure, Fortinet Unicast HA How to Deploy Step By Step (SDN Connector API) ,

No video

Microsoft Azure, Fortinet Unicast HA How to Deploy Step By Step (SDN Connector API) ,

Рет қаралды 5,057

Күн бұрын

In this video we have discussed about...
FortiGate's native active-passive HA feature (without using an Azure supplementary mechanism such as Azure LB) with two FortiGate instances:
one acting as the primary/master node and the other as secondary/slave node, both located in the same region.
This is called unicast HA and is specific to cloud environments including Azure.

Пікірлер: 29

@user-wm6mp4ye9q 3 жыл бұрын

Good, clear and wow

@nhntechroom 4 жыл бұрын

great

@josearmandotorres3118 3 жыл бұрын

By default , the networks adapter come without Azure Accelerate Networking enable, Any issue if I want to do this change in the Azure

@smashikhits 4 жыл бұрын

Very informative

@Rahimbhamani 4 жыл бұрын

Excellent video. I have query. What if master firewall online again? The cluster ip again assign to box A? And udr also change

@ee07168 4 жыл бұрын

depends on your configuration if you have configured HA overide than yes

@EyeIn_The_Sky 2 жыл бұрын

Asalaumalkum, BarakAllah feek for this excellent teaching of knowledge. The template seems to have been deprecated and I get pointed to an "updated version" but that updated version is a template for ELB & ILB which I don't want. I tried searching using the URL in your video but that does not exist anymore it seems :(

@ee07168 2 жыл бұрын

kindly let me know which type of template you are looking for you can send me on wats app the details 00974-33703804

@srinibasbarik7258 2 жыл бұрын

Excellent video, I have a query for Where to get the license to practice a Lab.

@ee07168 2 жыл бұрын

You need a paid account for Azure

@awsnabil84 4 жыл бұрын

I have about 3 subnets behind the firewall and each has 0.0.0.0/0 pointing to the Active Firewall, how the route will change to point to the other Firewall in case of a failover. The HA script only changes one UDR which is on the firewall and moves the VIP. do we need to add every UDR into that script to have it points to the other firewall in case of a failover? I'm trying to have an HA in a VNET and other Peered VNets with their subnets.

@ee07168 4 жыл бұрын

if you would like to avoid to change each UDR using script you can go with ALB design which is far better than script

@ee07168 4 жыл бұрын

I hope it is clear if it is not let me know

@awsnabil84 4 жыл бұрын

@@ee07168 I deployed the ALB design with two LB, I had the Ext one working and health probe giving healthy but not for the Int LB, it never gave healthy state on the probes (I was able to reach the FW Internal NICs from a jumpbox using SSH which tells me the FW are accepting TCP-22) and I'm using SSH as the Health Probe ports. And is the design with ALB for FortiGate HA is going to work with IPSec; how the VIP will be located in this case?

@ee07168 4 жыл бұрын

@@awsnabil84 kzbin.info/www/bejne/l6G0YaWAgaqMg5I check out this video with ALB

@user-wm6mp4ye9q 3 жыл бұрын

Is it the same now.. We need API config still??? Using fortios 7.x.x

@ee07168 3 жыл бұрын

You can deploy without API as well with the help of Azure LB. I have uploaded one video without API

@muhammadattaullah6236 4 жыл бұрын

Outstanding stuff, only one question I can get tenant ID and Sub ID but where I can find application id and which application I want to register?

@ee07168 4 жыл бұрын

You can find it in app registration active directory services

@ee07168 4 жыл бұрын

You need to register active directory service go to search bar and type app registration you will find out

@muhammadattaullah6236 4 жыл бұрын

@@ee07168 i clicked on active directory and app registration is there so when i select registration it asked me which app?

@muhammadattaullah6236 4 жыл бұрын

I can share a screenshot if you want or i sent you an email if you can check?

@muhammadattaullah6236 4 жыл бұрын

@@ee07168 Thanks for sharing your number, I locked ticket with Microsoft and it registered application in AD. BTW very good stuff from your side and it really helped a lot. Thanks for your time and efforts to make this topic easy.