Fortinet Document Library

Version:


Table of Contents

About FortiWeb for Azure

Deploying FortiWeb on Azure

Use Case: High Availability for FortiWeb on Azure

Deploying Auto Scaling on Azure

Deploying FortiWeb-VM on Azure Stack

  • Select version:
  • 6.3
6.3.7
Copy Link

Overview

You can deploy FortiWeb-VM HA (High Availability) on Azure. This requires a manual deployment incorporating ARM (Azure Resource Manager).

FortiWeb HA supports three modes including active-active HA, standard active-active HA and high volume active-active HA. In the HA group, one of the member instances will be selected as the master node, while the others are slaves. If the master node fails, the slave takes over as the master. The FortiWeb-VMs run heartbeats between dedicated UPD-tunnel and synchronize the master node’s configuration to all the members in the HA group. For information on the three HA modes, see FortiWeb high availability (HA) in FortiWeb Administration Guide.

In standard active-active and high volume active-active HA modes, all the instances in the HA group process traffic. We use load balancer to distributes traffic to all the HA members. If an instance is down, it will be ignored by the load balancer for traffic distribution. If the failed instances is the master node, one of the slave instances immediately takes its role to become the new master.

In active-passive mode, only the master instance processes traffic. The load balancer forwards traffic to the master node. When the master node fails, the slave immediately takes the master role and processes traffic forwarded from the load balancer.

The following resources will be created in the deployment process:

  • A load balancer with public IP address.
  • FortiWeb-VM instances. The VMs are added in the load balancer's backend pool. We support up to eight FortiWeb-VMs in an HA group on Azure.
  • A public facing subnet connecting the FortiWeb outgoing interface (port1) to the load balancer.
  • A private subnet where one or more web application VMs that FortiWeb protects are located.

All the web traffic passes through the load balancer first, then it is directed to a collection of VMs called a backend pool. On public cloud platform, configurations are synchronized through FortiWeb's HA feature, but the traffic distribution among HA cluster members is achieved by the load balancer instead.

The following graph shows a typical active-passive HA topology.

 


 

 

Overview

You can deploy FortiWeb-VM HA (High Availability) on Azure. This requires a manual deployment incorporating ARM (Azure Resource Manager).

FortiWeb HA supports three modes including active-active HA, standard active-active HA and high volume active-active HA. In the HA group, one of the member instances will be selected as the master node, while the others are slaves. If the master node fails, the slave takes over as the master. The FortiWeb-VMs run heartbeats between dedicated UPD-tunnel and synchronize the master node’s configuration to all the members in the HA group. For information on the three HA modes, see FortiWeb high availability (HA) in FortiWeb Administration Guide.

In standard active-active and high volume active-active HA modes, all the instances in the HA group process traffic. We use load balancer to distributes traffic to all the HA members. If an instance is down, it will be ignored by the load balancer for traffic distribution. If the failed instances is the master node, one of the slave instances immediately takes its role to become the new master.

In active-passive mode, only the master instance processes traffic. The load balancer forwards traffic to the master node. When the master node fails, the slave immediately takes the master role and processes traffic forwarded from the load balancer.

The following resources will be created in the deployment process:

  • A load balancer with public IP address.
  • FortiWeb-VM instances. The VMs are added in the load balancer's backend pool. We support up to eight FortiWeb-VMs in an HA group on Azure.
  • A public facing subnet connecting the FortiWeb outgoing interface (port1) to the load balancer.
  • A private subnet where one or more web application VMs that FortiWeb protects are located.

All the web traffic passes through the load balancer first, then it is directed to a collection of VMs called a backend pool. On public cloud platform, configurations are synchronized through FortiWeb's HA feature, but the traffic distribution among HA cluster members is achieved by the load balancer instead.

The following graph shows a typical active-passive HA topology.