Which two statements are true about A-A clusters compared to A-P clusters?

Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.

Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)
A . For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
B . A-A clusters rely on API calls for sfailovers.
C . A-A clusters always require a load balancer.
D . A-A clusters can use a software-defined network (SDN) to perform a failover.

Answer: A, C

Explanation:

Symmetric Traffic Flow with SNAT:

In active-active (A-A) clusters, symmetric traffic flow is essential for maintaining session integrity across multiple instances. Source Network Address Translation (SNAT) is performed inbound to ensure that return traffic is routed correctly (Option A). Load Balancer Requirement:

A-A clusters require a load balancer to distribute incoming traffic evenly across the active instances.

This is crucial for balancing the load and providing high availability (Option C).

API Calls and Failovers:

Option B is incorrect because failovers in A-A clusters do not typically rely on API calls but are managed by the load balancer and the clustering mechanism itself. Software-Defined Network (SDN) Failover:

Option D is incorrect as SDN is not specifically required for performing failovers in A-A clusters. The failover mechanism is typically managed by the load balancer and FortiGate’s clustering technology.

Reference: FortiGate High Availability on AWS: FortiGate HA

AWS Elastic Load Balancing: AWS ELB

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments