![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 82%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
409 questions
Hello @Ali Allafzadeh ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you need to deploy two FortiGate Firewalls in Active/Active mode behind an Azure Public Load Balancer, and you would like to know if there is any solution to prevent region level failures or single point of failure for this setup.
Azure Load Balancer supports availability zones scenarios. You can use Standard Load Balancer to increase availability throughout your scenario by aligning resources with, and distribution across zones. A Load Balancer can either be zone redundant, zonal, or non-zonal. In a region with Availability Zones, a Standard Load Balancer can be zone-redundant with traffic served by a single IP address. A single frontend IP address survives zone failure. The frontend IP may be used to reach all (non-impacted) backend pool members no matter the zone. Up to one availability zone can fail and the data path survives as long as the remaining zones in the region remain healthy.
Refer: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones
However, under rare circumstances, it is possible that facilities in an entire region can become inaccessible, for example, due to network failures. And if the whole region goes down, then the network will go down and the data path will fail.
To load balance traffic across regions, Azure provides Azure Traffic Manager which is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness. Traffic manager provides automatic failover if there's a regional outage. It uses priority routing and regular health checks to determine where to route traffic.
https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://learn.microsoft.com/en-us/azure/networking/disaster-recovery-dns-traffic-manager
So, you can use mirrored deployments in two or more Azure regions, each configured to handle production workloads for the region or regions they serve and scalable to handle loads from other regions in case of a regional outage.
We have a documented architecture for multi-region load balancing with Traffic Manager, Azure Firewall, and Application Gateway, which you can refer below:
You can combine the Azure load balancing services to achieve high availability or disaster recovery. Please refer the below docs for more information:
https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-load-balancing-azure
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.