Azure ingress and egress using public IP Example
Scenario objective
The FortiGate CNF instance inspects all external traffic inbound to compute resources and all traffic outbound from compute resources to the internet.
Before deployment of FortiGate CNF
The traffic flow before deployment of FortiGate CNF is as follows:
Workload resources are situated in Public Subnet (10.0.0.0/24).
- Inbound traffic comes from the internet to the Public IP located in Public Subnet (10.0.0.0/24).
- Traffic passes to the workload resources in Public Subnet (10.0.0.0/24).
- Outbound traffic goes from the workload resources in Public Subnet to the Public IP located in Public Subnet (10.0.0.0/24).
- Traffic passes out to the internet.
After deployment of FortiGate CNF
The traffic flow after deployment of FortiGate CNF is as follows:
- Inbound traffic comes from the internet to the Public IP located in Public Subnet (10.0.0.0/24).
- Traffic is sent to the Gateway load balancer.
- The Gateway load balancer forwards the traffic to FortiGate CNF.
- After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.
- The Gateway load balancer sends the traffic back to the Public IP.
- The Public IP forwards the traffic to the workload resources in Public Subnet (10.0.0.0/24).
- Outbound traffic goes from the workload resources in Public Subnet to the Public IP.
- Traffic is sent to the Gateway load balancer.
- The Gateway load balancer forwards the traffic to FortiGate CNF.
- After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.
- The Gateway load balancer sends the traffic back to the Public IP.
- Traffic passes out to the internet.
To deploy the FortiGate CNF instance in this scenario:
- In the FortiGate CNF console, in the instance settings, go to Configure Azure Endpoints.
- Click Link Existing and connect to the virtual machine Public IP.
To edit the load balancer, see Editing a linked load balancer.
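A post-deployment check for the linking step above, added here as an example and not taken from the Fortinet documentation: it lists IP configurations in Public Subnet that hold a public IP but carry no gateway load balancer reference, which would leave them on the "before" traffic path. It assumes the link appears as a gatewayLoadBalancer reference on the NIC IP configuration in `az network nic list` JSON output; the sample data, resource names and IDs are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nic list` output. Field names
# (ipConfigurations, publicIPAddress, gatewayLoadBalancer) are assumed.
SAMPLE_NICS = json.loads("""[
 {"name": "web-nic", "ipConfigurations": [{"name": "ipconfig1",
   "privateIPAddress": "10.0.0.4",
   "publicIPAddress": {"id": "/constructed/publicIPAddresses/web-pip"},
   "gatewayLoadBalancer": {"id": "/constructed/frontendIPConfigurations/gwlb-fe"}}]},
 {"name": "app-nic", "ipConfigurations": [{"name": "ipconfig1",
   "privateIPAddress": "10.0.0.5",
   "publicIPAddress": {"id": "/constructed/publicIPAddresses/app-pip"},
   "gatewayLoadBalancer": null}]},
 {"name": "db-nic", "ipConfigurations": [{"name": "ipconfig1",
   "privateIPAddress": "10.0.0.6", "publicIPAddress": null}]}
]""")


def _first(cfg, *keys):
    """Return the first non-empty value among keys (az versions differ in casing)."""
    for key in keys:
        if cfg.get(key):
            return cfg[key]
    return None


def uninspected_public_ips(nics, subnet="10.0.0.0/24"):
    """Return (nic, ipconfig, public IP id) for each IP configuration in
    `subnet` that has a public IP but no gateway load balancer reference."""
    net = ipaddress.ip_network(subnet)
    findings = []
    for nic in nics:
        for cfg in nic.get("ipConfigurations", []):
            private_ip = _first(cfg, "privateIPAddress", "privateIpAddress")
            if not private_ip or ipaddress.ip_address(private_ip) not in net:
                continue  # outside the Public Subnet this page describes
            pip = _first(cfg, "publicIPAddress", "publicIpAddress") or {}
            gwlb = cfg.get("gatewayLoadBalancer") or {}
            if pip.get("id") and not gwlb.get("id"):
                findings.append((nic["name"], cfg["name"], pip["id"]))
    return findings


if __name__ == "__main__":
    for nic, cfg, pip in uninspected_public_ips(SAMPLE_NICS):
        print(f"{nic}/{cfg}: {pip} is not chained to a gateway load balancer")
```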