Azure ingress and egress using Load Balancer with public IP Example
Scenario objective
The FortiGate CNF instance inspects all external traffic inbound to compute resources and all traffic outbound from compute resources to the internet.
Before deployment of FortiGate CNF
The traffic flow before deployment of FortiGate CNF is as follows:
Workload resources are situated in Private Subnet (10.0.1.0/24) and accessed through Load Balancer with Public IP in Public Subnet (10.0.0.0/24).
- Inbound traffic comes from the internet to the Load Balancer with Public IP located in Public Subnet (10.0.0.0/24).
- Traffic passes to the workload resources in Private Subnet (10.0.1.0/24).
- Outbound traffic goes from the workload resources in Private Subnet to the Load Balancer with Public IP located in Public Subnet (10.0.0.0/24).
- Traffic passes out to the internet.
After deployment of FortiGate CNF
The traffic flow after deployment of FortiGate CNF is as follows:
- Inbound traffic comes from the internet to the Load Balancer with Public IP located in Public Subnet (10.0.0.0/24).
- Traffic is sent to the Gateway load balancer.
- The Gateway load balancer forwards the traffic to FortiGate CNF.
- After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.
- The Gateway load balancer sends the traffic back to the Load Balancer with Public IP.
- The Load Balancer with Public IP forwards the traffic to the workload resources in Private Subnet (10.0.1.0/24).
- Outbound traffic goes from the workload resources in Private Subnet to the Load Balancer with Public IP.
- Traffic is sent to the Gateway load balancer.
- The Gateway load balancer forwards the traffic to FortiGate CNF.
- After inspection, FortiGate CNF sends the traffic back to the Gateway load balancer.
- The Gateway load balancer sends the traffic back to the Load Balancer with Public IP.
- Traffic passes out to the internet.
To deploy the FortiGate CNF instance in this scenario:
- In the FortiGate CNF console, in the instance settings, go to Configure Azure Endpoints.
- Click Link Existing and connect to the Load Balancer.
To edit the load balancer, see Editing a linked load balancer.
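A check an operator could run after linking, as an added example (not Fortinet's or this page's own code): it reads load balancer JSON in the shape returned by `az network lb show` and lists public frontends that are not chained to a gateway load balancer, which would let traffic reach the workloads without inspection. The sample JSON, names and resource IDs are constructed placeholders; `gatewayLoadBalancer` is the Azure frontend IP configuration property that records the chaining.

```python
import json

# Constructed sample shaped like `az network lb show -o json` output.
# Names and resource IDs are placeholders, not values from the page.
SAMPLE_LB = json.loads("""
{
  "name": "workload-lb",
  "frontendIPConfigurations": [
    {"name": "fe-inspected",
     "publicIPAddress": {"id": "/PLACEHOLDER/publicIPAddresses/pip-1"},
     "gatewayLoadBalancer": {"id": "/PLACEHOLDER/frontendIPConfigurations/gwlb-fe"}},
    {"name": "fe-bypass",
     "publicIPAddress": {"id": "/PLACEHOLDER/publicIPAddresses/pip-2"},
     "gatewayLoadBalancer": null},
    {"name": "fe-internal", "privateIPAddress": "10.0.0.10"}
  ]
}
""")


def _flat(obj):
    # The az CLI flattens ARM "properties"; raw ARM/REST exports nest them.
    return {**obj.get("properties", {}), **obj}


def audit_frontends(lb):
    """Return (inspected, bypassing) name lists for public frontends."""
    inspected, bypassing = [], []
    for cfg in _flat(lb).get("frontendIPConfigurations") or []:
        p = _flat(cfg)
        if not (p.get("publicIPAddress") or p.get("publicIPPrefix")):
            continue  # internal frontend, not on the internet path
        chained = (p.get("gatewayLoadBalancer") or {}).get("id")
        (inspected if chained else bypassing).append(cfg.get("name"))
    return inspected, bypassing


if __name__ == "__main__":
    ok, bad = audit_frontends(SAMPLE_LB)
    print("chained to gateway load balancer:", ok)
    print("NOT chained (traffic skips inspection):", bad)
```

Any name in the second list is a public frontend whose inbound and outbound flows follow the "before" path rather than the inspected one.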