Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.2.0
Download PDF
Copy Link

Network interfaces and routes

Azure DHCP preconfigures the interfaces as shown.

Additionally, there are also two static routes:

  • Azure uses the 168.63.129.16 address for various services. Having this route in place allows the FortiGate-VM to respond.
  • There is also a route out port2 (also the trusted/internal interface) with the VNET prefix as the destination. This provides a route to any additional subnets that may be created.

In the routing monitor, there are connected routes to the two subnets and a default route out port1 (the untrusted/public interface). Azure DHCP also provides this default route.

The "InsideSubnet-routes..." route table forces Internet-bound traffic to egress through the FortiGate port2 interface. If other subnets are created, add this route table to those subnets to provide the same egress filtering.

Resources

Network interfaces and routes

Azure DHCP preconfigures the interfaces as shown.

Additionally, there are also two static routes:

  • Azure uses the 168.63.129.16 address for various services. Having this route in place allows the FortiGate-VM to respond.
  • There is also a route out port2 (also the trusted/internal interface) with the VNET prefix as the destination. This provides a route to any additional subnets that may be created.

In the routing monitor, there are connected routes to the two subnets and a default route out port1 (the untrusted/public interface). Azure DHCP also provides this default route.

The "InsideSubnet-routes..." route table forces Internet-bound traffic to egress through the FortiGate port2 interface. If other subnets are created, add this route table to those subnets to provide the same egress filtering.