Azure Deployment Guide

Important notes

  1. In L4_VS DNAT mode, or in L7_VS mode with "client-address" enabled, make sure FortiADC is the gateway for the RS.
  2. If you want to use L4_VS DNAT, you must enable IP forwarding on the outgoing port in Azure, because the RS source IP is not the same as the FortiADC outgoing port IP.
  3. HA-AP and HA-AA modes are not supported.
  4. Currently, only an HA-VRRP group with two FortiADCs is supported.

    Note: By Azure design, it takes 5 to 10 minutes for each VS/floating IP address to move to the peer ADC. Therefore, when multiple VS/floating IPs have to be moved to the peer ADC, the HA-VRRP function will not work well on Azure.

  5. If you configure an L4VS “NAT Source Pool”, an SNAT “Translation to IP Address”, a floating IP, etc., you must add these IPs to the instance interface as secondary IPs on Azure.
  6. If you manually change the FortiADC’s configuration, for example by changing the VS IP, second IP, floating IP, NAT Source Pool, or the VS traffic group, you must make the corresponding changes on Azure.
  7. Use a static IP on Azure where possible: after a FortiADC HA failover a dynamic IP may change, so the Azure IP and the FortiADC IP would no longer be the same.
  8. The VS IP, floating IP, and NAT Source Pool cannot be the same as the interface primary IP, because this may cause issues during a FortiADC HA failover.
  9. You must use a log disk; otherwise some functions, such as VRRP, cannot be used correctly.
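
The following added example (not part of the Fortinet guide) checks notes 2, 5, 7 and 8 against one Azure network interface, so drift between the FortiADC configuration and Azure is caught before a failover. It assumes the NIC is a dictionary with the key names `enableIPForwarding`, `ipConfigurations`, `primary`, `privateIPAddress` and `privateIPAllocationMethod`, as in JSON exported from Azure; the function name, the sample data, and the treatment of each NAT Source Pool entry as a single address are assumptions.

```python
import ipaddress

# Constructed sample NIC; key names are assumed to match Azure's JSON export.
SAMPLE_NIC = {
    "name": "fadc1-port2",
    "enableIPForwarding": False,
    "ipConfigurations": [
        {"name": "ipconfig1", "primary": True,
         "privateIPAddress": "10.0.2.4", "privateIPAllocationMethod": "Static"},
        {"name": "vs-web", "primary": False,
         "privateIPAddress": "10.0.2.10", "privateIPAllocationMethod": "Dynamic"},
    ],
}

# Constructed FortiADC-side addresses (role -> IP), e.g. copied from its config.
SAMPLE_FADC_IPS = {
    "VS IP": "10.0.2.10",
    "Floating IP": "10.0.2.20",
    "NAT Source Pool": "10.0.2.4",
}


def audit_nic(nic, fadc_ips, uses_l4_dnat=False):
    """Return a list of findings where the Azure NIC violates notes 2, 5, 7 or 8."""
    findings = []
    configs = nic.get("ipConfigurations", [])
    primary = {ipaddress.ip_address(c["privateIPAddress"])
               for c in configs if c.get("primary")}
    secondary = {ipaddress.ip_address(c["privateIPAddress"]): c
                 for c in configs if not c.get("primary")}

    # Note 2: L4_VS DNAT requires IP forwarding on the outgoing port.
    if uses_l4_dnat and not nic.get("enableIPForwarding"):
        findings.append(f"{nic.get('name')}: IP forwarding is disabled (note 2)")

    for role, ip_text in sorted(fadc_ips.items()):
        ip = ipaddress.ip_address(ip_text)  # raises ValueError on a malformed address
        if ip in primary:
            findings.append(f"{role} {ip} equals the interface primary IP (note 8)")
        elif ip not in secondary:
            findings.append(f"{role} {ip} is not a secondary IP on the Azure NIC (note 5)")
        elif secondary[ip].get("privateIPAllocationMethod") != "Static":
            findings.append(f"{role} {ip} uses dynamic allocation on Azure (note 7)")
    return findings


if __name__ == "__main__":
    for line in audit_nic(SAMPLE_NIC, SAMPLE_FADC_IPS, uses_l4_dnat=True):
        print(line)
```

Run it after every change described in note 6, once per FortiADC interface and on both members of the HA-VRRP pair.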
