Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud. Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)
A.
For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
B.
A-A clusters rely on API calls for failovers.
C.
A-A clusters always require a load balancer.
D.
A-A clusters can use a software-defined network (SDN) to perform a failover.
a. For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
In an active-active cluster, traffic distribution is split between multiple FortiGate units. To maintain symmetric traffic flow across the units, Source NAT (SNAT) must be used. This ensures that the return traffic follows the same path as the inbound traffic.
c. A-A clusters always require a load balancer.
Active-active clusters need a load balancer to distribute traffic across multiple active FortiGate units to ensure they both process traffic simultaneously. The load balancer helps manage traffic across both active devices in the cluster.
The other options are less accurate:
b. API calls are primarily involved in managing failovers for active-passive (A-P) clusters, not active-active.
d. Active-passive clusters typically utilize SDN for failover, while active-active clusters rely more on load balancers for traffic distribution.
These distinctions help to clarify the key differences between A-A and A-P setups.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
myrmidon3
2 months, 4 weeks agoyerno1
3 months, 1 week agothe_giant
5 months, 2 weeks ago