Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.2.0
Download PDF
Copy Link

Troubleshooting

The election of the primary FortiGate was not successful

If the election of the primary FortiGate is not successful, reset the elected primary FortiGate. If the reset does not solve the problem, please contact support.

Redeployment with existing VNet fails

Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:

  1. Load the VNet resource group Overview page. If your deployment only has one resource group, this is the Autoscale resource group.
  2. Click the link under Deployments.

    Resource group overview page (top)

  3. From the Deployments page, click Microsoft.Template.

    Deployments page

  4. In the navigation column, click Outputs.

    Command to cleanup an existing VNet for redeployment

  5. Copy the value of cmdVNetCleanUp and run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
  6. If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
    • Azure Cosmos DB account
    • App Service
    • Application Insights (if present)
    • App Service plan
    • Storage account
  7. Delete the following components from the VNet resource group:
    • the Public Load balancer
    • the Internal Load balancer
    • the Virtual machine scale set for BYOL
    • the Virtual machine scale set for PAYG
    • the Public IP address (if created by the autoscale deployment and you don't want to reuse it)

How to reset the elected primary FortiGate

To reset the elected primary FortiGate, navigate to the CosmosDB FortiGateAutoscale and open the table FortiGatePrimaryElection and delete the only item in the table.

A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating the CosmosDB FortiGateAutoscale and the table FortiGatePrimaryElection, refer to the section Verifying the deployment.

Stack has stopped working

If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.

For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.

For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.

Troubleshoot using Application Insights

Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.

Troubleshoot using environment variables

Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables

To locate environment variables after deployment:
  1. Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
  2. Under Configured features, click Configuration .

    Function app settings

  3. Edit settings as needed.

    Settings

    Note

    Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.

Resources

Troubleshooting

The election of the primary FortiGate was not successful

If the election of the primary FortiGate is not successful, reset the elected primary FortiGate. If the reset does not solve the problem, please contact support.

Redeployment with existing VNet fails

Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:

  1. Load the VNet resource group Overview page. If your deployment only has one resource group, this is the Autoscale resource group.
  2. Click the link under Deployments.

    Resource group overview page (top)

  3. From the Deployments page, click Microsoft.Template.

    Deployments page

  4. In the navigation column, click Outputs.

    Command to cleanup an existing VNet for redeployment

  5. Copy the value of cmdVNetCleanUp and run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
  6. If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
    • Azure Cosmos DB account
    • App Service
    • Application Insights (if present)
    • App Service plan
    • Storage account
  7. Delete the following components from the VNet resource group:
    • the Public Load balancer
    • the Internal Load balancer
    • the Virtual machine scale set for BYOL
    • the Virtual machine scale set for PAYG
    • the Public IP address (if created by the autoscale deployment and you don't want to reuse it)

How to reset the elected primary FortiGate

To reset the elected primary FortiGate, navigate to the CosmosDB FortiGateAutoscale and open the table FortiGatePrimaryElection and delete the only item in the table.

A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating the CosmosDB FortiGateAutoscale and the table FortiGatePrimaryElection, refer to the section Verifying the deployment.

Stack has stopped working

If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.

For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.

For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.

Troubleshoot using Application Insights

Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.

Troubleshoot using environment variables

Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables

To locate environment variables after deployment:
  1. Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
  2. Under Configured features, click Configuration .

    Function app settings

  3. Edit settings as needed.

    Settings

    Note

    Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.