If the election of the primary FortiGate is not successful, reset the elected primary FortiGate. If the reset does not solve the problem, please contact support.
Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:
- Load the VNet resource group Overview page. If your deployment only has one resource group, this is the Autoscale resource group.
- Click the link under Deployments.
- From the Deployments page, click Microsoft.Template.
- In the navigation column, click Outputs.
- Copy the value of
cmdVNetCleanUpand run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
- If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
- Azure Cosmos DB account
- App Service
- Application Insights (if present)
- App Service plan
- Storage account
- Delete the following components from the VNet resource group:
- the Public Load balancer
- the Internal Load balancer
- the Virtual machine scale set for BYOL
- the Virtual machine scale set for PAYG
- the Public IP address (if created by the autoscale deployment and you don't want to reuse it)
To reset the elected primary FortiGate, navigate to the CosmosDB FortiGateAutoscale and open the table FortiGatePrimaryElection and delete the only item in the table.
A new primary FortiGate will be elected and a new record will be created as a result.
For details on locating the CosmosDB FortiGateAutoscale and the table FortiGatePrimaryElection, refer to the section Verifying the deployment.
If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.
For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.
For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.
Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.
Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables
- Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
- Under Configured features, click Configuration .
- Edit settings as needed.
Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.