Administration Guide

Azure ingress and egress using public IP Example

Scenario objective

The FortiGate CNF instance inspects all external traffic inbound to compute resources and all traffic outbound from compute resources to the internet.

Before deployment of FortiGate CNF

Before FortiGate CNF is deployed, traffic flows as follows:

Workload resources are situated in Public Subnet (10.0.0.0/24).

  1. Inbound traffic comes from the internet to the Public IP located in Public Subnet (10.0.0.0/24).

  2. Traffic passes to the workload resources in Public Subnet (10.0.0.0/24).

  3. Outbound traffic goes from the workload resources in Public Subnet to the Public IP located in Public Subnet (10.0.0.0/24).

  4. Traffic passes out to the internet.

After deployment of FortiGate CNF

After FortiGate CNF is deployed, traffic flows as follows:

  1. Inbound traffic comes from the internet to the Public IP located in Public Subnet (10.0.0.0/24).

  2. Traffic is sent to the Gateway load balancer.

  3. The Gateway load balancer forwards the traffic to FortiGate CNF.

  4. After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.

  5. The Gateway load balancer sends the traffic back to the Public IP.

  6. The Public IP forwards the traffic to the workload resources in Public Subnet (10.0.0.0/24).

  7. Outbound traffic goes from the workload resources in Public Subnet to the Public IP.

  8. Traffic is sent to the Gateway load balancer.

  9. The Gateway load balancer forwards the traffic to FortiGate CNF.

  10. After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.

  11. The Gateway load balancer sends the traffic back to the Public IP.

  12. Traffic passes out to the internet.

To deploy the FortiGate CNF instance in this scenario:
  1. In the FortiGate CNF console, in the instance settings, go to Configure Azure Endpoints.

  2. Click Link Existing and connect to the virtual machine Public IP.

    To edit the load balancer, see Editing a linked load balancer.
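
A check for the result of the linking step, added here as an example and not taken from the Fortinet guide: it reads NIC data in the shape of `az network nic list -o json` and reports any virtual machine Public IP that is not chained to the Gateway load balancer, which would leave its traffic outside the inspected path described in the steps above. The field names, the resource names such as `cnf-gwlb`, and the idea that linking appears as a `gatewayLoadBalancer` reference on the NIC IP configuration are assumptions.

```python
# Constructed sample in the shape of `az network nic list -o json`.
# Field names are assumed from Azure's NIC schema; all IDs are placeholders.
NET = "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg/providers/Microsoft.Network"
SAMPLE_NICS = [
    {"name": "web-nic", "ipConfigurations": [{
        "name": "ipconfig1", "privateIPAddress": "10.0.0.4",
        "publicIPAddress": {"id": NET + "/publicIPAddresses/web-pip"},
        "gatewayLoadBalancer": {"id": NET + "/loadBalancers/cnf-gwlb/frontendIPConfigurations/fe1"}}]},
    {"name": "api-nic", "ipConfigurations": [{
        "name": "ipconfig1", "privateIPAddress": "10.0.0.5",
        "publicIPAddress": {"id": NET + "/publicIPAddresses/api-pip"},
        "gatewayLoadBalancer": None}]},
    {"name": "old-nic", "ipConfigurations": [{
        "name": "ipconfig1", "privateIPAddress": "10.0.0.6",
        "publicIPAddress": {"id": NET + "/publicIPAddresses/old-pip"},
        "gatewayLoadBalancer": {"id": NET + "/loadBalancers/other-gwlb/frontendIPConfigurations/fe1"}}]},
    {"name": "db-nic", "ipConfigurations": [{
        "name": "ipconfig1", "privateIPAddress": "10.0.0.7"}]},
]

def _ref(cfg, key):
    """Return the resource ID under cfg[key], or None if absent or null."""
    return (cfg.get(key) or {}).get("id")

def audit_public_ips(nics, expected_gwlb=None):
    """Classify every NIC IP configuration that has a Public IP attached."""
    findings = []
    for nic in nics:
        for cfg in nic.get("ipConfigurations") or []:
            pip = _ref(cfg, "publicIPAddress")
            if pip is None:
                continue  # no Public IP, so outside this scenario
            gwlb = _ref(cfg, "gatewayLoadBalancer")
            if gwlb is None:
                status = "BYPASS"          # Public IP reaches the workload uninspected
            # Azure resource IDs are case-insensitive, so compare in lower case.
            elif expected_gwlb and f"/loadbalancers/{expected_gwlb.lower()}/" not in gwlb.lower():
                status = "WRONG_GWLB"      # chained, but not to the expected load balancer
            else:
                status = "INSPECTED"
            findings.append((nic["name"], pip.rsplit("/", 1)[-1], status))
    return findings

if __name__ == "__main__":
    for nic, pip, status in audit_public_ips(SAMPLE_NICS, expected_gwlb="cnf-gwlb"):
        print(f"{status:<11} {nic:<8} {pip}")
```

Any `BYPASS` or `WRONG_GWLB` row is a Public IP whose inbound and outbound traffic does not pass through the FortiGate CNF instance.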
