Fortinet Document Library

Version:

6.4.0
6.2.0

Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool
6.4 6.2 6.0

Azure Cookbook

6.2.0
6.4.0
6.2.0
Download PDF
Copy Link

Configuring multiple public IP addresses

When using multiple public IP address with an A-P cluster deployment, you must configure the same number of IP address configurations on the primary vNIC for both FortiGate-VMs. See Using public IP addresses. The current passive FortiGate-VM will only contain local IP addresses without public IP assignments. Additionally, you must add each public IP address to the Fabric connector configuration for failover:

config system sdn-connector

edit "AZConnector"

config nic

edit "FortiGate-A-NIC1"

config ip

edit "ipconfig2"

set public-ip "FGTAPClusterPublicIP2"

next

end

next

end

Since the virtual IP address only matches the local IP address destination, you must create a secondary virtual IP address that matches the local address assigned to the passive FortiGate-VM. Thus, at any given time, you have only one virtual IP address that matches an address on the currently active FortiGate-VM and another that would match traffic if a failover occurred. You should add both virtual IP addresses to the policy which allows the traffic. Additionally, since the configuration of the active FortiGate-VM does not replicate to the passive FortiGate-VM, you must complete configuration on both FortiGate-VMs.

Resources

Upgrade Path Tool

Configuring multiple public IP addresses

When using multiple public IP address with an A-P cluster deployment, you must configure the same number of IP address configurations on the primary vNIC for both FortiGate-VMs. See Using public IP addresses. The current passive FortiGate-VM will only contain local IP addresses without public IP assignments. Additionally, you must add each public IP address to the Fabric connector configuration for failover:

config system sdn-connector

edit "AZConnector"

config nic

edit "FortiGate-A-NIC1"

config ip

edit "ipconfig2"

set public-ip "FGTAPClusterPublicIP2"

next

end

next

end

Since the virtual IP address only matches the local IP address destination, you must create a secondary virtual IP address that matches the local address assigned to the passive FortiGate-VM. Thus, at any given time, you have only one virtual IP address that matches an address on the currently active FortiGate-VM and another that would match traffic if a failover occurred. You should add both virtual IP addresses to the policy which allows the traffic. Additionally, since the configuration of the active FortiGate-VM does not replicate to the passive FortiGate-VM, you must complete configuration on both FortiGate-VMs.