Fortinet is now supporting a floating private IP

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/751599/azure-sdn-connector-moves-private-ip-address-on-trusted-nic-during-a-p-ha-failover-7-4-5

Also interesting it uses secondary IP Addressing:

Add a secondary IP address, 172.16.32.22 in this example, to the HA nodes

    config system interface

    edit "port2"

    set secondary-IP enable

    config secondaryip

    edit 1

    set ip 172.16.32.22/28

    set allowaccess ping

    next

    end

    next

    end

    Good or Bad?

    I think it’s an excellent idea that way the route table doesn’t need to be changed and the FortiGate’s will both have the IP Address already on the boxes.

    Leave a Reply

    Your email address will not be published. Required fields are marked *