Unable to access firewall through public management IPs - Azure Active-Passive HA deployment with ELB and ILB
jeraldkphilip opened this issue · 2 comments
Hi,
I have deployed the FortiGate VM in active-passive HA configuration with load balancers using the template provided in this git repo. After the deployment I can access the firewalls from a jump server using the private management IPs on NIC4 in each firewall. But the public IPs associated with NIC4 on both firewalls are not reachable. Could you please help me with the troubleshooting steps?
Thanks,
Jerald
Hi,
Thank you for opening this issue. Can you verify the following items to debug your environment? If needed you can also open a support ticket with our TAC.
- Is the public IP correctly attached to the private IP on the port4 management NIC?
- Have you verified the effective routes on Network Interface 4? Make sure the default 0.0.0.0/0 route is pointing to Internet.
- Have you verified the effective security rules on Network Interface 4? Are port 443 and port 22 accepted from outside?
- Can you use 'diag debug sniffer port4 "port 443 or port 22"'? This allows you to verify whether the packet arrives on the FortiGate VM. If the packet is not arriving, then it is clear there is something on the Azure side.
Regards,
Joeri
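As an added example (not from the original thread or the template repo), the following Python encodes the effective-route and effective-NSG checks from the list above as an offline check over JSON shaped like the output of `az network nic show-effective-route-table` and `az network nic list-effective-nsg`; the field names are an assumption about that output, and the sample data is constructed to mirror the situation reported here (a UDR sending 0.0.0.0/0 toward the on-prem gateway instead of Internet).

```python
"""Offline checks over effective-route and effective-NSG JSON of a FortiGate
management NIC (port4). Field names follow the assumed shape of the Azure CLI
effective-route / effective-NSG output; all sample data below is constructed."""
def active_default_route(effective_routes):
    """Return the Active route covering 0.0.0.0/0, or None."""
    for r in effective_routes.get("value", []):
        if "0.0.0.0/0" in r.get("addressPrefix", []) and r.get("state") == "Active":
            return r
    return None

def _port_matches(range_str, port):
    if range_str == "*":
        return True
    lo, _, hi = range_str.partition("-")
    return int(lo) <= port <= int(hi or lo)

def inbound_allowed(effective_nsg, port, proto="Tcp"):
    """Walk inbound rules lowest priority number first; first match decides."""
    rules = [r for nsg in effective_nsg.get("value", [])
             for r in nsg.get("effectiveSecurityRules", [])]
    for r in sorted(rules, key=lambda x: x["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in ("*", proto):
            continue
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        if any(_port_matches(p, port) for p in ports):
            return r["access"] == "Allow"
    return False  # implicit deny when no rule matches

def management_findings(effective_routes, effective_nsg):
    """Return human-readable findings; an empty list means the NIC path looks fine."""
    findings = []
    route = active_default_route(effective_routes)
    hop = route["nextHopType"] if route else "none"
    if hop != "Internet":
        findings.append(f"0.0.0.0/0 next hop is {hop}, not Internet: replies to the public IP leave the wrong way")
    for port in (443, 22):
        if not inbound_allowed(effective_nsg, port):
            findings.append(f"TCP/{port} inbound is not allowed by the effective NSG")
    return findings

# Constructed samples: before the fix the default route is overridden by a UDR toward the gateway.
ROUTES_BEFORE = {"value": [
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet", "source": "Default", "state": "Invalid"},
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualNetworkGateway", "source": "User", "state": "Active"}]}
ROUTES_AFTER = {"value": [
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet", "source": "User", "state": "Active"}]}
NSG = {"value": [{"effectiveSecurityRules": [
    {"priority": 100, "direction": "Inbound", "protocol": "Tcp", "destinationPortRange": "443", "access": "Allow"},
    {"priority": 110, "direction": "Inbound", "protocol": "Tcp", "destinationPortRange": "22", "access": "Allow"},
    {"priority": 65500, "direction": "Inbound", "protocol": "*", "destinationPortRange": "*", "access": "Deny"}]}]}
```

Feed the real CLI JSON into `management_findings` to get the same verdicts for an actual NIC; the sniffer step from the list above remains the confirmation on the FortiGate side.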
Thanks Joeri,
The issue was fixed later; I missed closing the case here. As you rightly pointed out, the issue was the missing route to Internet on the hub VNet. The traffic was going to on-prem and then getting dropped. I added a UDR which points 0.0.0.0/0 to Internet and it fixed the issue. Thanks much for looking into the issue.