Fortinet black logo

Overview

Copy Link
Copy Doc ID d99c9968-125b-11e9-b86b-00505692583a:277766

Overview

You can deploy FortiWeb-VM HA (High Availability) on Azure. This requires a manual deployment incorporating ARM (Azure Resource Manager).

FortiWeb HA on Azure supports active-passive HA and high volume active-active HA. For information on the HA modes, see FortiWeb high availability (HA) in FortiWeb Administration Guide.

In high volume active-active HA modes, all the instances in the HA group process traffic. We use load balancer to distributes traffic to all the HA members. If an instance is down, it will be ignored by the load balancer for traffic distribution. If the failed instances is the master node, one of the slave instances immediately takes its role to become the new master.

In active-passive mode, only the master instance processes traffic. The load balancer forwards traffic to the master node. When the master node fails, the slave immediately takes the master role and processes traffic forwarded from the load balancer.

Active-active-standard mode is no longer supported. After upgrading to 6.3.6 and higher versions, FortiWeb-VMs with this mode will automatically switch to active-active-high-volume mode.

The following resources will be created in the deployment process:

  • A load balancer with public IP address.
  • FortiWeb-VM instances. The VMs are added in the load balancer's backend pool. We support up to eight FortiWeb-VMs in an HA group on Azure.
  • A public facing subnet connecting the FortiWeb outgoing interface (port1) to the load balancer.
  • A private subnet where one or more web application VMs that FortiWeb protects are located.

All the web traffic passes through the load balancer first, then it is directed to a collection of VMs called a backend pool. On public cloud platform, configurations are synchronized through FortiWeb's HA feature, but the traffic distribution among HA cluster members is achieved by the load balancer instead, so FortiWeb-VM itself doesn't set up traffic group and node allocation.

The following graph shows a typical active-passive HA topology.


Overview

You can deploy FortiWeb-VM HA (High Availability) on Azure. This requires a manual deployment incorporating ARM (Azure Resource Manager).

FortiWeb HA on Azure supports active-passive HA and high volume active-active HA. For information on the HA modes, see FortiWeb high availability (HA) in FortiWeb Administration Guide.

In high volume active-active HA modes, all the instances in the HA group process traffic. We use load balancer to distributes traffic to all the HA members. If an instance is down, it will be ignored by the load balancer for traffic distribution. If the failed instances is the master node, one of the slave instances immediately takes its role to become the new master.

In active-passive mode, only the master instance processes traffic. The load balancer forwards traffic to the master node. When the master node fails, the slave immediately takes the master role and processes traffic forwarded from the load balancer.

Active-active-standard mode is no longer supported. After upgrading to 6.3.6 and higher versions, FortiWeb-VMs with this mode will automatically switch to active-active-high-volume mode.

The following resources will be created in the deployment process:

  • A load balancer with public IP address.
  • FortiWeb-VM instances. The VMs are added in the load balancer's backend pool. We support up to eight FortiWeb-VMs in an HA group on Azure.
  • A public facing subnet connecting the FortiWeb outgoing interface (port1) to the load balancer.
  • A private subnet where one or more web application VMs that FortiWeb protects are located.

All the web traffic passes through the load balancer first, then it is directed to a collection of VMs called a backend pool. On public cloud platform, configurations are synchronized through FortiWeb's HA feature, but the traffic distribution among HA cluster members is achieved by the load balancer instead, so FortiWeb-VM itself doesn't set up traffic group and node allocation.

The following graph shows a typical active-passive HA topology.