Azure Cookbook

6.2.0

Cloud-init (PAYG instances)

In autoscaling, FortiGate-VM uses the cloud-init feature to pre-configure the instances when they first come up. During deployment of the Scale Set template, you were required to enter a value for the Endpoint URL parameter. The example was as follows:

Endpoint URL: https://fgtasg-funcapp.azurewebsites.net/api/

After initialization, FortiGate uses this parameter value to send requests to different functions under the Endpoint URL and retrieve the necessary configuration. The following is an example of the output from a FortiGate-VM instance:

FortiGate-VM cloudinit output

# diag debug cloudinit show
>> Checking metadata source azure
>> Azure waiting for customdata file
>> Azure waiting for customdata file
>> Azure waiting for customdata file
>> Azure waiting for customdata file
>> Azure customdata file found
>> Azure cloudinit decrypt successfully
>> Azure Fos-instance-id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> Azure couldn't find mime link
>> Azure trying to get config script from https://fgtasg-funcapp.azurewebsites.net/api/fgt-asg-handler
>> Azure download config script successfully
>> Azure customdata processed successfully
>> Run config script
>> Finish running script
>> fgtasg-vmss300000W $
>> fgtasg-vmss300000W $ config system dns
>> fgtasg-vmss300000W (dns) $ unset primary
>> fgtasg-vmss300000W (dns) $ unset secondary
>> fgtasg-vmss300000W (dns) $ end
>> fgtasg-vmss300000W $ config system auto-scale
>> fgtasg-vmss300000W (auto-scale) $ set status enable
>> fgtasg-vmss300000W (auto-scale) $ set sync-interface "port1"
>> fgtasg-vmss300000W (auto-scale) $ set role slave
>> fgtasg-vmss300000W (auto-scale) $ set master-ip 10.0.1.5
>> fgtasg-vmss300000W (auto-scale) $ set callback-url https://fgtasg-funcapp.azurewebsites.net/api/fgt-asg-handler
>> fgtasg-vmss300000W (auto-scale) $ set psksecret FortinetPSK#
>> fgtasg-vmss300000W (auto-scale) $ end
>> fgtasg-vmss300000W $
>> fgtasg-vmss300000W $ config sys interface
>> fgtasg-vmss300000W (interface) $ edit "port2"
>> fgtasg-vmss300000W (port2) $ set mode dhcp
>> fgtasg-vmss300000W (port2) $ set defaultgw disable
>> fgtasg-vmss300000W (port2) $ set allowaccess ping https ssh http fgfm
>> fgtasg-vmss300000W (port2) $ next
>> fgtasg-vmss300000W (interface) $ end
>> fgtasg-vmss300000W $
>> fgtasg-vmss300000W $ config system global
>> fgtasg-vmss300000W (global) $ set admin-sport 8443
>> fgtasg-vmss300000W (global) $ end
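
An added example (not Fortinet's code) of a review pass over this output before it is shared or archived: it redacts the psksecret value that the debug output prints in cleartext, flags unencrypted allowaccess protocols, and checks that every URL sits under the configured Endpoint URL. The sample is a constructed subset of the output above; the function names and finding labels are hypothetical.

```python
import re
from urllib.parse import urlparse

ENDPOINT = "https://fgtasg-funcapp.azurewebsites.net/api/"  # value from this page
# Constructed sample: a subset of the cloud-init output shown above.
SAMPLE = """\
>> Azure trying to get config script from https://fgtasg-funcapp.azurewebsites.net/api/fgt-asg-handler
>> fgtasg-vmss300000W $ config system auto-scale
>> fgtasg-vmss300000W (auto-scale) $ set callback-url https://fgtasg-funcapp.azurewebsites.net/api/fgt-asg-handler
>> fgtasg-vmss300000W (auto-scale) $ set psksecret FortinetPSK#
>> fgtasg-vmss300000W (auto-scale) $ end
>> fgtasg-vmss300000W $ config sys interface
>> fgtasg-vmss300000W (interface) $ edit "port2"
>> fgtasg-vmss300000W (port2) $ set allowaccess ping https ssh http fgfm
>> fgtasg-vmss300000W (interface) $ end
"""

URL_RE = re.compile(r"https?://\S+")
SET_RE = re.compile(r"\((?P<ctx>[^)]+)\) \$ set (?P<key>\S+) (?P<val>.+)$")
CLEARTEXT = {"http", "telnet"}  # allowaccess values that are unencrypted


def under_endpoint(url, endpoint):
    """True if url is HTTPS, on the endpoint's host, and below its path."""
    u, e = urlparse(url), urlparse(endpoint)
    return (u.scheme == "https" and u.hostname == e.hostname
            and u.path.startswith(e.path))


def review(output, endpoint):
    """Return (findings, redacted_output) for a cloud-init debug dump."""
    findings, redacted = [], []
    for line in output.splitlines():
        m = SET_RE.search(line)
        if m and m["key"] == "psksecret":
            # The pre-shared key appears in cleartext; strip it from the copy.
            findings.append(("secret-in-output", m["ctx"]))
            line = line[:m.start("val")] + "<redacted>"
        elif m and m["key"] == "allowaccess":
            for proto in sorted(CLEARTEXT & set(m["val"].split())):
                findings.append(("cleartext-mgmt:" + proto, m["ctx"]))
        for url in URL_RE.findall(line):
            if not under_endpoint(url, endpoint):
                findings.append(("url-outside-endpoint", url))
        redacted.append(line)
    return findings, "\n".join(redacted)


if __name__ == "__main__":
    print(review(SAMPLE, ENDPOINT)[0])
```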
