Get Fortinet FortiGate on Alibaba Cloud by visiting our Marketplace:
Fortinet FortiGate (PAYG) Next-Generation Firewall (4 vCPUs)
Fortinet FortiGate (PAYG) Next-Generation Firewall (8 vCPUs)
In this 3-part article series, we will show you in detail the steps for deploying and configuring Fortinet FortiGate (FGT) A-P High Availability (HA) on Alibaba Cloud between availability zones (AZ).
Verify the HA status on both FortiGate instances. You can use EIP1 and EIP2 to access them remotely.
Create a Linux web server VM in zone A called web-a to verify the HA. Choose the VPC and the zone A internal-a switch. Set up your username and password.
After starting this instance, you can access the web-a console via the Alibaba Cloud VNC console connection.
The next step is to start the web server. This web-a VM comes with Python installed, so we will just use Python as the web server for testing.
You can use a browser or curl to access this web server via the FGT-1 EIP3 address from your local PC. EIP3 is currently associated with FGT-1 because FGT-1 is the master.
Verify the web server can be accessed from the internet.
On the FGT-1 Log & Report menu, you can see the access log.
The web server will dump the access information.
Let's now verify the egress traffic. Since web-a is able to access the internet, we can use ping to verify that.
You can also show traffic logs from FGT-1.
Keep on pinging web-a, and let's reboot FGT-1 to trigger a switchover. Record the switchover time, the change to the VPC routing table, and the EIP moving to the new master.
Start the ping from the web-a console.
Reboot FGT-1 from the FGT-1 menu.
Choose Restart FGT-1.
Ping will be interrupted for around 24 seconds.
The web service should start working again after a similar interruption.
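To record the switchover time with more precision than watching the ping output, the following added example (not part of the original article) probes the web server through EIP3 once per second and reports each interruption window. The URL argument, the function names and the sample data are assumptions made for illustration.

```python
import http.client
import sys
import time
import urllib.request

def probe(url, timeout=1.0):
    """Return True if the web server behind EIP3 answers an HTTP GET."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (OSError, http.client.HTTPException):
        return False

def monitor(url, duration=120, interval=1.0):
    """Probe url every `interval` seconds; return [(timestamp, ok), ...]."""
    samples, stop = [], time.time() + duration
    while time.time() < stop:
        samples.append((time.time(), probe(url)))
        time.sleep(interval)
    return samples

def outages(samples, min_failures=2):
    """Return (first_failure, first_success_after, seconds) per outage.

    Runs shorter than min_failures probes are treated as packet loss, and an
    outage still open when sampling stops is reported with None for the end.
    """
    windows, start, fails = [], None, 0
    for ts, ok in samples:
        if not ok:
            start = ts if start is None else start
            fails += 1
        elif start is not None:
            if fails >= min_failures:
                windows.append((start, ts, ts - start))
            start, fails = None, 0
    if start is not None and fails >= min_failures:
        windows.append((start, None, None))
    return windows

# Constructed sample: 1 s probes, a reboot outage from t=5 to t=28, one lost probe at t=35.
SAMPLE = [(t, not (5 <= t <= 28) and t != 35) for t in range(41)]

if __name__ == "__main__":
    # Pass the EIP3 URL as the first argument (placeholder: http://<EIP3>:<port>/); otherwise use SAMPLE.
    data = monitor(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for start, end, secs in outages(data):
        print(f"down at {start}, back at {end}, interrupted for {secs} s")
```

Start it from your local PC before rebooting FGT-1 and let it run past the switchover; the reported window is accurate to one probe interval.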
Now let's take a look at the master/slave change, as well as the routing table and the EIP3 move.
FGT-1 is now the slave and FGT-2 is the master.
EIP3 is associated with the secondary FortiGate instance, which is FGT-2.
The VPC custom routing table entry 0.0.0.0/0 now points to the ENI that is attached to the zone B internal-B switch.
If you want to use Terraform instead of the GUI to deploy the resources, clone the code from the following link: https://github.com/yagosys/fortigate_aliyun/tree/master/AP-CrossZone
Obtain a FortiManager Cloud license.
Set up FortiGate.
Then go to FortiManager Cloud and configure FortiManager to authorize this FortiGate.