Configurable variables
Following is a list of variables used during deployment and referenced throughout this guide.
| Parameter name | Default value | Description |
|---|---|---|
| Resource Name Prefix | Requires input | The prefix for all applicable resource names. Can only contain uppercase letters, lowercase letters, and numbers. Maximum length is 10. |
| | create a new VNet in the Autoscale resource group | Options for Virtual Network (VNet) deployment: |
| | Conditionally requires input | Name of the resource group that contains the VNet and related network components. |
| VNet Name | Conditionally requires input | Name of the Azure VNet to associate with FortiGate Autoscale. Required when using an existing VNet. When creating a new VNet, this parameter may be left empty and a name will be generated. |
| VNet Address Space | 10.0.0.0/16 | IP address space of the VNet in Classless Inter-Domain Routing (CIDR) notation, e.g. 10.0.0.0/16. Required when using an existing VNet. The value should match the address space of the target VNet. |
| | Conditionally requires input | The Subnet # Name parameters specify the name of the subnet. |
| Subnet 2 Name | Conditionally requires input | |
| Subnet 3 Name | Conditionally requires input | |
| Subnet 4 Name | Conditionally requires input | |
| Subnet 1 Address Range | 10.0.0.0/24 | The Subnet # Address Range parameters define the address range in CIDR notation for the subnet. The address range must be contained by the address space of the virtual network as defined in VNet Address Space. After deployment, the address range of a subnet which is in use can't be edited. |
| Subnet 2 Address Range | 10.0.1.0/24 | |
| Subnet 3 Address Range | 10.0.2.0/24 | |
| Subnet 4 Address Range | 10.0.3.0/24 | |
| Network Security Group Name | Conditionally requires input | Name of the Network Security Group associated with the subnets in the VNet. Required when using an existing VNet. The value should match the name of the existing Network Security Group associated with the subnets in the VNet. When creating a new VNet, you may specify a name for the Network Security Group. If left empty, a name will be generated. |
| | create new public IP address | Deployment method for the Frontend Public IP address for the external load balancer. There are limitations when using an existing IP address. Please refer to the optional requirement in the section Requirements when using an existing VNet. When creating a new IP address, the IP address will be deployed to the resource group where the VNet is located. |
| Frontend IP Name | Requires input | Name of the Frontend Public IP address. When creating a new IP address, this parameter can be left empty and a name will be generated. |
| Load Balancer IP | 10 | The last octet of the Frontend Private IP address to be used by the Load Balancer. For example, if set to 10, the Private IP address for the Load Balancer in the subnet with prefix 10.0.1.0/24 would be 10.0.1.10. |
| Instance Type | Standard_F4 | Size of the VMs in the VMSS. For assistance in choosing the size, refer to the Microsoft article Compute optimized virtual machine sizes. |
| FOS Version | 6.2.3 | FortiOS version supported by FortiGate Autoscale for Azure. |
| FortiGate PSK Secret | Requires input | A secret key used by FortiGate-VM instances to securely communicate with each other. Must contain numbers and letters; may contain special characters. Maximum length is 128. |
| Admin Username | azureadmin | FortiGate-VM administrator username on all VMs. |
| Admin Password | Requires input | FortiGate-VM administrator password on all VMs. Must be between 11 and 26 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character such as (! @ # $ %). |
| Storage Account Type | Standard_LRS | Storage account type. |
| | Requires input | Application ID for the Registered app. This is under Azure Active Directory > App registrations > {your app}. Make note of this when creating a service principal in the section Prerequisites. |
| | Requires input | Password (Authentication key) for the Registered app. Make note of this when creating a service principal in the section Prerequisites. |
| BYOL Instance Count | 2 | The number of FortiGate-VM instances the BYOL VMSS should have at any time. For High Availability in BYOL-only and Hybrid use cases, ensure at least 2 FortiGate-VMs are in the group. For specific use cases, set to 0 for PAYG-only, and >= 2 for BYOL-only or hybrid licensing. |
| Min BYOL Instance Count | 2 | Minimum number of FortiGate-VM instances in the BYOL VMSS. For specific use cases, set to 0 for PAYG-only, and >= 2 for BYOL-only or hybrid licensing. |
| Max BYOL Instance Count | 2 | Maximum number of FortiGate-VM instances in the BYOL VMSS. For specific use cases, set to 0 for PAYG-only, and >= 2 for BYOL-only or hybrid licensing. This number must be greater than or equal to the Min BYOL Instance Count. |
| PAYG Instance Count | 0 | The number of FortiGate-VM instances the PAYG VMSS should have at any time. For High Availability in a PAYG-only use case, ensure at least 2 FortiGate-VMs are in the group. For specific use cases, set to 0 for BYOL-only, >= 2 for PAYG-only, and >= 0 for hybrid licensing. |
| Min PAYG Instance Count | 0 | Minimum number of FortiGate-VM instances in the PAYG VMSS. For specific use cases, set to 0 for BYOL-only, >= 2 for PAYG-only, and >= 0 for hybrid licensing. |
| Max PAYG Instance Count | 6 | Maximum number of FortiGate-VM instances in the PAYG VMSS. For specific use cases, set to 0 for BYOL-only, >= 2 for PAYG-only, and >= 0 for hybrid licensing. This number must be greater than or equal to the Min PAYG Instance Count. |
| Scale Out Threshold | 80 | Percentage of CPU utilization at which scale-out should occur. |
| Scale In Threshold | 20 | Percentage of CPU utilization at which scale-in should occur. |
| Primary Election Timeout | 90 | The maximum time (in seconds) to wait for the election of the primary instance to complete. |
| Get License Grace Period | 600 | The minimum time (in seconds) permitted before a distributed license can be revoked from a non-responsive FortiGate-VM and re-distributed. Minimum is 300. |
| Heart Beat Interval | 60 | The length of time (in seconds) that the FortiGate-VM waits between sending heartbeat requests to the Autoscale handler function. Minimum is 30. Maximum is 120. |
| Heart Beat Loss Count | 3 | Number of consecutively lost heartbeats. When the Heart Beat Loss Count has been reached, the VM is deemed unhealthy and failover activities will commence. |
| Heart Beat Delay Allowance | 30 | The maximum amount of time (in seconds) allowed for network latency of the FortiGate-VM heartbeat arriving at the Autoscale handler function. Minimum is 30. |
| Script Timeout | 230 | Timeout value (in seconds) for the Azure function script. Minimum is 30. Maximum is 230. |
| | Requires input | The public URL of the function source file named |
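
The constraints stated in the table can be checked before a deployment is submitted, so that a weak admin password, an out-of-range timer, or a subnet outside the VNet is caught locally. The following is an added example, not part of the FortiGate Autoscale package. It assumes the dictionary keys are the table's display names (not the template's actual parameter identifiers), treats any non-alphanumeric character as "special", and uses constructed sample values for the prefix, PSK, and password.

```python
import ipaddress
import re

SAMPLE = {  # keys are the table's display names; "constructed" marks sample values
    "Resource Name Prefix": "fgtasg01",     # constructed
    "VNet Address Space": "10.0.0.0/16",
    "Subnet 1 Address Range": "10.0.0.0/24", "Subnet 2 Address Range": "10.0.1.0/24",
    "Subnet 3 Address Range": "10.0.2.0/24", "Subnet 4 Address Range": "10.0.3.0/24",
    "FortiGate PSK Secret": "examplePsk123",  # constructed
    "Admin Password": "Example-Passw0rd!",    # constructed
    "Min BYOL Instance Count": 2, "Max BYOL Instance Count": 2,
    "Min PAYG Instance Count": 0, "Max PAYG Instance Count": 6,
    "Get License Grace Period": 600, "Heart Beat Interval": 60,
    "Heart Beat Delay Allowance": 30, "Script Timeout": 230,
}
BOUNDS = {"Get License Grace Period": (300, None), "Heart Beat Interval": (30, 120),
          "Heart Beat Delay Allowance": (30, None), "Script Timeout": (30, 230)}

def validate(p):
    """Return the list of table constraints that the parameter set p violates."""
    errs = []
    if not re.fullmatch(r"[A-Za-z0-9]{1,10}", p["Resource Name Prefix"]):
        errs.append("Resource Name Prefix: letters and numbers only, max length 10")
    vnet = ipaddress.ip_network(p["VNet Address Space"])
    for i in range(1, 5):
        key = f"Subnet {i} Address Range"
        if not ipaddress.ip_network(p[key]).subnet_of(vnet):
            errs.append(f"{key}: not contained in VNet Address Space")
    psk, pw = p["FortiGate PSK Secret"], p["Admin Password"]
    if len(psk) > 128 or not (re.search(r"\d", psk) and re.search(r"[A-Za-z]", psk)):
        errs.append("FortiGate PSK Secret: needs numbers and letters, max length 128")
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    if not 11 <= len(pw) <= 26 or not all(re.search(c, pw) for c in classes):
        errs.append("Admin Password: 11-26 chars with upper, lower, digit, special")
    for kind in ("BYOL", "PAYG"):
        if p[f"Max {kind} Instance Count"] < p[f"Min {kind} Instance Count"]:
            errs.append(f"Max {kind} Instance Count: below Min {kind} Instance Count")
    for key, (lo, hi) in BOUNDS.items():
        if p[key] < lo or (hi is not None and p[key] > hi):
            errs.append(f"{key}: outside the documented range")
    return errs

def load_balancer_ip(subnet_cidr, last_octet):
    """Frontend private IP: the subnet's address with its last octet replaced."""
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address((int(net.network_address) & ~0xFF) | last_octet)
    if not 0 <= last_octet <= 255 or addr not in net:
        raise ValueError(f"octet {last_octet} is not an address in {subnet_cidr}")
    return str(addr)
```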