A is incorrect because the FortiGate public IP is not the next-hop for all the traffic. The FortiGate
public IP is only used for incoming traffic from the internet. The Azure load balancer distributes the
incoming traffic to the active FortiGate VM based on a health probe [1][2][3]. The FortiGate public IP is not
used for outgoing traffic or internal traffic.
B is correct because an internal load balancer listener is the next-hop for outgoing traffic. The
internal load balancer listener is configured with a floating IP address that is assigned to the active
FortiGate VM. The internal load balancer listener also has a health probe to monitor the status of the
FortiGate VMs [1][2][3]. The internal load balancer listener forwards the outgoing traffic to the internet
through the public load balancer.
C is incorrect because you do not need to add a route to the Microsoft VIP used for the health
check. The Microsoft VIP is an internal IP address that is used by the Azure load balancer to send
health probes to the FortiGate VMs [1][2][3]. The Microsoft VIP is not reachable from outside the Azure
network and does not require any routing configuration on the FortiGate VMs.
D is correct because a dedicated management interface can be used for load balancing. In this
deployment, port4 is used as a dedicated management interface that connects to the management
network [3]. The dedicated management interface can be used to access the FortiGate VMs for
configuration and monitoring purposes. The dedicated management interface can also be used to
synchronize the configuration and session information between the primary and secondary devices
in an HA cluster [2].