Azure Fortigate Deployment

I have seen a number of articles relating to the deployment of Azure Fortigate firewalls, but to me they were never clear: too little info, too much info, or info which did not help. After a number of setups, I finally found a recipe that I would like to share.

Log onto the Azure portal and search for the marketplace.

Then search for Fortigate. It should display the “Fortigate Next Generation firewall”.

Click on “Create” and select the type of deployment. For now, I will select a “single VM”.

The next step is the basic setup of the firewall.
Subscriptions should be selected by default.

Resource group: you can use an existing one or create a separate one for the firewall.

Enter an admin username, and a good strong password, and set a unique name prefix.

SKU – depends on the licensing method and version. I kept mine on 6.4.8 as I noticed a number of bugs in the latest version. Perhaps at some point they will be fixed.

The instance shows you the type of VM which is going to be used. I always recommend leaving it at the default until you license the device; based on the licensing, you can then resize the VM.

On to networking. It was a bit confusing how Azure does the underlying routing, as opposed to a standard network where you can control it end to end. During the network setup, you need to set up the CIDR. This is your whole network range. It is then split into external, internal, and protected networks.

External network – Azure sets up a public IP and NATs it to a private range, which will become your WAN IP.

Private network – LAN network range.

Protected network – Default internet routed network.

I disable the accelerated network for my use case.
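
The address plan from the networking step can be sanity-checked before it is typed into the portal. The following is an added example, not part of the original article or of the Fortinet template: it checks that each subnet sits inside the VNet CIDR, that no two subnets overlap, and how many addresses remain once Azure has reserved the first four and the last address of each subnet. The 10.50.0.0/22 range, the subnet sizes and the function name check_plan are constructed for illustration.

```python
import ipaddress

# Azure reserves the first four addresses and the last address of every subnet.
AZURE_RESERVED = 5


def check_plan(vnet_cidr, subnets):
    """Validate a VNet address plan; return (problems, summary)."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    problems, summary, seen = [], {}, []
    for name, cidr in subnets.items():
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.50.0.32/26
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vnet):
            problems.append(f"{name}: {net} is outside VNet {vnet}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} {other}")
        seen.append((name, net))
        if net.prefixlen > 29:
            # /29 is the smallest IPv4 subnet Azure accepts
            problems.append(f"{name}: {net} is smaller than /29")
            continue
        summary[name] = {
            "first_usable": str(net.network_address + 4),
            "usable": net.num_addresses - AZURE_RESERVED,
        }
    return problems, summary


# Constructed sample plan matching the external / internal / protected split.
SAMPLE_PLAN = {
    "external": "10.50.0.0/26",
    "internal": "10.50.0.64/26",
    "protected": "10.50.1.0/24",
}

if __name__ == "__main__":
    problems, summary = check_plan("10.50.0.0/22", SAMPLE_PLAN)
    for name, info in summary.items():
        print(f"{name}: first usable {info['first_usable']}, {info['usable']} usable")
    for line in problems:
        print("PROBLEM:", line)
```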

Next, the public IP. I prefer setting a static public IP for management purposes and another use case.

Basic SKU and static assignment.

On the Advanced tab, FortiManager and FortiAnalyzer can be set up later on. The serial console is important. Select “Yes”.

“Review & Create” will validate the configuration, and once it has passed, you will be ready to create.
Once completed, it should look like this.
The next important step is the virtual network and route table configuration. Stay tuned for a follow-up article.
