Azure Cookbook

6.2.0

Configurable variables

Following is a list of variables used during deployment and referenced throughout this guide.

| Parameter name | Default value | Description |
|---|---|---|
| Resource Name Prefix | Requires input | The prefix for all applicable resource names. Can only contain uppercase letters, lowercase letters, and numbers. Maximum length is 10. |
| Storage Account Type | Standard_LRS | Storage account type. |
| Rest App ID | Requires input | Application ID for the Registered app. This is under Azure Active Directory > App registrations > {your-app}. Make note of this when creating a service principal during the Prerequisites. |
| Rest App Secret | Requires input | Authentication key for the Registered app. Make note of this when creating a service principal during the Prerequisites. |
| VNet New Or Existing | new | Create a new Virtual Network or use an existing one. |
| VNet Name | Conditionally requires input | Required when VNet New Or Existing is set to "existing". It is the Azure virtual network name. |
| Subnet Address Prefix | 10.0.0.0/16 | Prefix for IP addresses in the virtual network in CIDR notation. |
| Subnet 1 Prefix | 10.0.0.0/24 | Subnet 1 prefix in CIDR notation. |
| Subnet 2 Prefix | 10.0.1.0/24 | Subnet 2 prefix in CIDR notation. |
| Subnet 3 Prefix | 10.0.2.0/24 | Subnet 3 prefix in CIDR notation. |
| Subnet 4 Prefix | 10.0.3.0/24 | Subnet 4 prefix in CIDR notation. |
| Instance Type | Standard_F4 | Size of the VMs in the VMSS. For assistance in choosing the size, refer to the Microsoft article Compute optimized virtual machine sizes. |
| FOS Version | 6.0.6 | FortiOS version supported by FortiGate Autoscale for Azure. |
| PSK Secret | Requires input | The secret key that the FortiGate-VM instances use to securely communicate with each other. Must contain numbers and letters and may contain special characters. Maximum length is 128. Note: Changes to the PSK secret after FortiGate Autoscale for Azure has been deployed are not reflected here. For new instances to be spawned with the changed PSK secret, this environment variable will need to be manually updated. |
| Admin Username | azureadmin | FortiGate-VM administrator username on all VMs. |
| Admin Password | Requires input | FortiGate-VM administrator password on all VMs. This field must be between 11 and 26 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character such as (! @ # $ %). |
| BYOL Instance Count | 2 | The number of FortiGate-VM instances the BYOL VMSS should have at any time. For High Availability in BYOL-only and Hybrid use cases, ensure at least 2 FortiGate-VMs are in the group. For specific use cases, set to 0 for PAYG-only, and >= 2 for BYOL-only or hybrid licensing. Note: This scale set has a fixed size. Users can set the size to match the number of valid licenses they own. Licenses can be purchased from FortiCare. |
| PAYG Instance Count | 0 | The minimum number of FortiGate-VM instances in the PAYG VMSS. The number of FortiGate-VM instances the PAYG VMSS should have at any time. For High Availability in a PAYG-only use case, ensure at least 2 FortiGate-VMs are in the group. For specific use cases, set to 0 for BYOL-only, >= 2 for PAYG-only, and >= 0 for hybrid licensing. |
| Max PAYG Instance Count | 2 | The maximum number of VM instances in the PAYG VMSS. For specific use cases, set to 0 for BYOL-only, >= 2 for PAYG-only, and >= 0 for hybrid licensing. This number must be greater than or equal to the PAYG Instance Count. |
| Scale Out Threshold | 80 | Percentage of CPU utilization at which scale-out should occur. |
| Scale In Threshold | 20 | Percentage of CPU utilization at which scale-in should occur. |
| Master Election Timeout | 90 | The maximum time (in seconds) to wait for a master election to complete. |
| Get License Grace Period | 600 | The minimum time (in seconds) permitted before a distributed license can be revoked from a non-responsive FortiGate-VM and re-distributed. Minimum is 300. |
| Public IP New Or Existing | new | Create a new public IP address or use an existing one. |
| Load Balancer IP | 10 | The last octet of the Front End Private IP address to be used by the Load Balancer. For example, if set to 10, the Private IP for the Load Balancer in the subnet with prefix 10.0.1.0/24 would be 10.0.1.10. |
| Heart Beat Interval | 30 | The length of time (in seconds) that the FortiGate-VM waits between sending heartbeat requests to the Autoscale handler function. Minimum is 30. Maximum is 90. |
| Heart Beat Loss Count | 3 | Number of consecutively lost heartbeats. When the Heart Beat Loss Count has been reached, the VM is deemed unhealthy and failover activities will commence. |
| Heart Beat Delay Allowance | 2 | The maximum amount of time (in seconds) allowed for network latency of the FortiGate-VM heartbeat arriving at the Autoscale handler function. Minimum is 0. |
| Script Timeout | 230 | Timeout value (in seconds) for the Azure function script. Minimum is 30. Maximum is 230. |
| Package Res URL | Requires input | The public URL of the function source file named fortigate-autoscale-azure-funcapp.zip, which can be found inside the fortigate-autoscale-azure-template-deployment.zip. Note: This URL must be accessible by Azure. |
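A pre-deployment check for a subset of the constraints stated in the table above, as an added example that is not part of the Fortinet guide or its templates. The dictionary keys are the display names from the table (the template's own parameter identifiers are not shown on this page); placing the Load Balancer IP in Subnet 2 follows the page's 10.0.1.10 example and is an assumption, and the reserved-address rule is Azure's behaviour rather than something the page states.

```python
import ipaddress
import re

def load_balancer_ip(subnet_prefix, last_octet):
    """Front-end private IP for last_octet in the subnet, or None if unusable."""
    net = ipaddress.ip_network(subnet_prefix)
    if not 0 <= last_octet <= 255:
        return None
    ip = ipaddress.ip_address((int(net.network_address) & ~0xFF) | last_octet)
    # Azure reserves the first four addresses and the last address of every subnet.
    reserved = {net.network_address + i for i in range(4)} | {net.broadcast_address}
    return ip if ip in net and ip not in reserved else None

def validate(p):
    """Return the names of the parameters in p that break a constraint in the table."""
    bad = []
    def need(ok, name):
        if not ok:
            bad.append(name)
    need(re.fullmatch(r"[A-Za-z0-9]{1,10}", p["Resource Name Prefix"]), "Resource Name Prefix")
    pw, psk = p["Admin Password"], p["PSK Secret"]
    classes = ("[A-Z]", "[a-z]", "[0-9]", "[^A-Za-z0-9]")
    need(11 <= len(pw) <= 26 and all(re.search(c, pw) for c in classes), "Admin Password")
    need(len(psk) <= 128 and re.search("[A-Za-z]", psk) and re.search("[0-9]", psk), "PSK Secret")
    for name, lo, hi in (("Heart Beat Interval", 30, 90), ("Script Timeout", 30, 230),
                         ("Get License Grace Period", 300, float("inf"))):
        need(lo <= p[name] <= hi, name)
    byol, payg = p["BYOL Instance Count"], p["PAYG Instance Count"]
    need(p["Max PAYG Instance Count"] >= payg, "Max PAYG Instance Count")
    # 0 BYOL means PAYG-only, which needs >= 2 PAYG; otherwise BYOL must be >= 2.
    need(byol >= 2 or (byol == 0 and payg >= 2), "BYOL Instance Count")
    vnet = ipaddress.ip_network(p["Subnet Address Prefix"])
    subnets = [ipaddress.ip_network(p[f"Subnet {i} Prefix"]) for i in range(1, 5)]
    need(all(s.subnet_of(vnet) for s in subnets) and not any(
        a.overlaps(b) for i, a in enumerate(subnets) for b in subnets[i + 1:]),
        "Subnet Prefix")
    lb = load_balancer_ip(p["Subnet 2 Prefix"], p["Load Balancer IP"])
    need(lb is not None, "Load Balancer IP")
    return bad
# Constructed sample: the page's defaults plus made-up values for "Requires input" fields.
SAMPLE = {
    "Resource Name Prefix": "fgtasg01", "Admin Password": "Example-Passw0rd!",
    "PSK Secret": "constructed-psk-0001", "Heart Beat Interval": 30,
    "Script Timeout": 230, "Get License Grace Period": 600,
    "BYOL Instance Count": 2, "PAYG Instance Count": 0,
    "Max PAYG Instance Count": 2, "Subnet Address Prefix": "10.0.0.0/16",
    "Subnet 1 Prefix": "10.0.0.0/24", "Subnet 2 Prefix": "10.0.1.0/24",
    "Subnet 3 Prefix": "10.0.2.0/24", "Subnet 4 Prefix": "10.0.3.0/24",
    "Load Balancer IP": 10,
}
```

`validate(SAMPLE)` returns an empty list; any name it does return is a parameter to correct before the template is submitted.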
