(Failover test) Creating load balancing rules and accessing the Windows server via RDP
This is the most crucial configuration to ensure the HA setup functions.
- Locate the Azure LB, then click Load balancing rules.
- Click Add to create a new load balancing rule. Configure like the following:
- Name: unique load balancing rule name
- Frontend IP address: choose from the two available values. In this example, let’s choose the one associated with FortiGate A.
- Port: 3389 for an RDP request made by your remote desktop application.
- Backend port: 3389 for RDP port listening on the Windows Server.
- Backend pool: by default, there is only one value consisting of the two FortiGate instances.
- Health probe: keep as-is.
- Session persistence: to learn about this option, click the information symbol. For testing purposes, select None.
- Do not change any other field. Click OK.
- From the PC, start the remote desktop client by specifying FortiGate A’s public IP address. If you can see the Windows desktop, this means FortiGate A’s firewall policy for RDP port forwarding is working as expected. At this stage, you know that at least FortiGate A’s port forwarding works as expected.
- Test the failover case by shutting down FortiGate A. It may take a few minutes to completely shut down.
- When one FortiGate is shut down, the Azure HA set shows the status as the following:
- If only FortiGate B is found to be alive, the Azure LB passes incoming traffic only to FortiGate B. Verify your management GUI access to FortiGate A does not work after shutdown.
- From your PC, start the remote desktop client by specifying the public IP address previously assigned to FortiGate A. This IP address is what you specified in the load balancing rule as the frontend IP address. You should still be able to access the Windows Server through FortiGate B. Do not forget to make the same port forwarding configuration on FortiGate B as in the previous steps.