fortinet/azure-templates

VPN connection with on premises in active/passive HA setup

batrixo opened this issue · 1 comments

Hi,

We have successfully created several HA setups in active / passive mode thanks to your work.

We are currently struggling with some VPN setup. We would like to use the FortiGate instances to hold VPN connections with on premises networks.
We would like to have only one tunnel with one peer IP towards Azure that fails over in case of failure of the master member of the FortiGate cluster.
We did not manage to get a successful setup. Do you have any clue on this?

Best regards,

Hi @batrixo,

For IPsec tunnels it is best to route them via the Azure Load Balancer using UDP 500 and UDP 4500 using NAT-T. You can find more information on the links below:

https://github.com/fortinet/azure-templates/blob/main/FortiGate/Active-Passive-ELB-ILB/doc/config-inbound-connections.md#configuration---ipsec

https://github.com/40net-cloud/fortinet-azure-solutions/tree/main/FortiGate/SD-WAN

If you have further questions you can connect with our support or azure@fortinet.com.

Joeri