Fortinet Document Library

Azure Cookbook

6.2.0

Configurable variables

Following is a list of variables used during deployment and referenced throughout this guide.

Deploying with PAYG instances only

Parameters required for Function App deployment

| Parameter | Default | Description |
|---|---|---|
| Function App Name | Requires input | Name of the Function App that will be created. |
| Cosmos DB Name | Requires input | Name of the Cosmos DB that will be created. This field must be between 3 and 31 characters and can contain only lowercase letters, numbers and the '-' character. |
| Storage Account Type | Requires input | Storage account type. |
| Tenant ID | Requires input | The Azure Directory ID for the Active Directory (AD) of your current subscription. This is under Azure Active Directory > Properties > Directory ID. Make note of this when creating a service principal during the Pre-deployment activities. |
| Subscription ID | Requires input | Your Azure Subscription ID. |
| Rest App ID | Requires input | Application ID for the Registered app. This is under Azure Active Directory > App registrations > {your-app}. Make note of this when creating a service principal during the Pre-deployment activities. |
| Rest App Secret | Requires input | Authentication key for the Registered app. Make note of this when creating a service principal during the Pre-deployment activities. |
| Heart Beat Loss Count | Requires input | Number of consecutively lost heartbeats. When the Heart Beat Loss Count has been reached, the Virtual Machine (VM) is deemed unhealthy and failover activities will commence. |
| Scaling Group Resource Group Name | Requires input | Name of the resource group that the Scale Set and its components will be deployed in. In our example, this is fgtasg-scaleset. Note: Each service should be deployed into its own resource group. |
| Scaling Group Name Prefix | fgtasg | The prefix each VMSS name is given when deploying the FortiGate Autoscale template. Must be at most 10 characters long and only contain uppercase letters, lowercase letters, and numbers. Note: The value of this parameter should be the same as for deploy_scaleset.json. |
| Script Timeout | 230 | Timeout value (in seconds) for the Azure function script. |
| Election Wait Time | Requires input | The maximum time (in seconds) to wait for a master election to complete. |
| PSK Secret | Requires input | The pre-shared key used by FortiGate-VMs in the Scale Set to synchronize configuration items. This field has a maximum of 128 characters. Note: Changes to the PSK secret after FortiGate Autoscale for Azure has been deployed are not reflected here. For new instances to be spawned with the changed PSK secret, this environment variable will need to be manually updated. |
| Package Res URL | Requires input | The public URL of the function source file, fortigate-autoscale-azure-funcapp.zip, which can be found inside fortigate-autoscale-azure-template-deployment.zip. Note: This URL must be accessible by Azure. |

Parameters required for Scale Set deployment

| Parameter | Default | Description |
|---|---|---|
| Instance Type | Standard_F2 | Size of the VMs in the VMSS. For assistance in choosing the size, refer to the Microsoft article Compute optimized virtual machine sizes. |
| FOS Version | 6.0.6 | FortiOS version supported by FortiGate Autoscale for Azure. |
| VNet New Or Existing | new | Create a new Virtual Network or use an existing one. |
| VNet Name | autoscalevnet | Azure virtual network name. |
| Subnet Address Prefix | 10.0.0.0/16 | Prefix for IP addresses in the virtual network in CIDR notation. |
| Subnet 1 Name | subnet1 | Public facing subnet 1 name. |
| Subnet 1 Prefix | 10.0.1.0/24 | Subnet 1 prefix in CIDR notation. |
| Subnet 2 Name | subnet2 | Protected subnet 2 name. |
| Subnet 2 Prefix | 10.0.2.0/24 | Subnet 2 prefix in CIDR notation. |
| Subnet 2 Load Balancer IP Address | 10.0.2.10 | Static IP address of the internal load balancer on subnet 2. |
| Subnet 3 Name | subnet3 | Private subnet 3 name. |
| Subnet 3 Prefix | 10.0.3.0/24 | Subnet 3 prefix in CIDR notation. |
| Public IP New Or Existing | new | Create a new public IP address or use an existing one. |
| Public IP Address Name | autoscalepip | Public IP address name. |
| Scaling Group Name Prefix | fgtasg | The prefix each VMSS name is given when deploying the FortiGate Autoscale template. Must be at most 10 characters long and only contain uppercase letters, lowercase letters, and numbers. Note: The value of this parameter should be the same as for deploy_funcapp.json. |
| Initial Capacity | 1 | The initial number of VM instances in the VMSS. Ranges from MinCapacity to MaxCapacity. |
| Min Capacity | 1 | Minimum number of VM instances in the VMSS (less than or equal to MaxCapacity). |
| Max Capacity | 2 | Maximum number of VM instances in the VMSS. |
| Scale Out Threshold | 80 | Percentage of CPU utilization at which scale-out should occur. |
| Scale In Threshold | 20 | Percentage of CPU utilization at which scale-in should occur. |
| Admin Username | azureadmin | FortiGate-VM administrator username on all VMs. |
| Admin Password | Requires input | FortiGate-VM administrator password on all VMs. This field must be between 11 and 26 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character such as (! @ # $ %). |
| Endpoint URL | Requires input | Function App public URL. |

Deploying with PAYG and Bring Your Own License (BYOL) instances

| Parameter name | Default value | Description |
|---|---|---|
| Resource Name Prefix | Requires input | The prefix for all applicable resource names. Must be at most 10 characters long and only contain uppercase letters, lowercase letters, and numbers. |
| Storage Account Type | Standard_LRS | Storage account type. |
| Rest App ID | Requires input | Application ID for the Registered app. This is under Azure Active Directory > App registrations > {your-app}. Make note of this when creating a service principal during the Pre-deployment activities. |
| Rest App Secret | Requires input | Authentication key for the Registered app. Make note of this when creating a service principal during the Pre-deployment activities. |
| VNet New Or Existing | new | Create a new Virtual Network or use an existing one. |
| VNet Name | Conditionally requires input | Required when VNet New Or Existing is set to "existing". It is the Azure virtual network name. |
| Subnet Address Prefix | 10.0.0.0/16 | Prefix for IP addresses in the virtual network in CIDR notation. |
| Subnet 1 Prefix | 10.0.0.0/24 | Subnet 1 prefix in CIDR notation. |
| Subnet 2 Prefix | 10.0.1.0/24 | Subnet 2 prefix in CIDR notation. |
| Subnet 3 Prefix | 10.0.2.0/24 | Subnet 3 prefix in CIDR notation. |
| Subnet 4 Prefix | 10.0.3.0/24 | Subnet 4 prefix in CIDR notation. |
| Instance Type | Standard_F4 | Size of the VMs in the VMSS. For assistance in choosing the size, refer to the Microsoft article Compute optimized virtual machine sizes. |
| FOS Version | 6.0.6 | FortiOS version supported by FortiGate Autoscale for Azure. |
| PSK Secret | Requires input | The pre-shared key used by FortiGate-VMs in the scale set to synchronize configuration items. This field has a maximum of 128 characters. Note: Changes to the PSK secret after FortiGate Autoscale for Azure has been deployed are not reflected here. For new instances to be spawned with the changed PSK secret, this environment variable will need to be manually updated. |
| Admin Username | azureadmin | FortiGate-VM administrator username on all VMs. |
| Admin Password | Requires input | FortiGate-VM administrator password on all VMs. This field must be between 11 and 26 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character such as (! @ # $ %). |
| BYOL Instance Count | 2 | The number of FortiGate-VM instances the BYOL VMSS should have at any time. For High Availability, ensure at least 2 FortiGate-VMs are in the group. Recommended value: 2. |
| PAYG Instance Count | 0 | The minimum number of FortiGate-VM instances in the PAYG VMSS. Recommended value: 0. |
| Max PAYG Instance Count | 2 | The maximum number of VM instances in the PAYG VMSS. |
| Scale Out Threshold | 80 | Percentage of CPU utilization at which scale-out should occur. |
| Scale In Threshold | 20 | Percentage of CPU utilization at which scale-in should occur. |
| Master Election Timeout | 90 | The maximum time (in seconds) to wait for a master election to complete. |
| Get License Grace Period | 600 | The minimum time (in seconds) permitted before a distributed license can be revoked from a non-responsive FortiGate-VM and re-distributed. Minimum is 300. |
| Public IP New Or Existing | new | Create a new public IP address or use an existing one. |
| Load Balancer IP | 10 | The last octet of the Front End Private IP address to be used by the Load Balancer. For example, if set to 10, the Private IP for the Load Balancer in the subnet with prefix 10.0.1.0/24 would be 10.0.1.10. |
| Heart Beat Interval | 30 | The time interval (in seconds) that the FortiGate-VM waits between sending heartbeat requests to the Autoscale handler function. Minimum is 30. Maximum is 90. |
| Heart Beat Loss Count | 3 | Number of consecutively lost heartbeats. When the Heart Beat Loss Count has been reached, the VM is deemed unhealthy and failover activities will commence. |
| Heart Beat Delay Allowance | 2 | The maximum amount of time (in seconds) allowed for network latency of the FortiGate-VM heartbeat arriving at the Autoscale handler. Minimum is 0. |
| Script Timeout | 230 | Timeout value (in seconds) for the Azure function script. Minimum is 30. Maximum is 230. |
| Package Res URL | Requires input | The public URL of the function source file, fortigate-autoscale-azure-funcapp.zip, which can be found inside fortigate-autoscale-azure-template-deployment.zip. Note: This URL must be accessible by Azure. |
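
The limits in the PAYG and BYOL parameter list above can be checked before the template is submitted. The following pre-deployment check is an added example, not part of the Fortinet guide or its templates: it keys a plain dictionary by the parameter names shown on this page (the template's own JSON keys are not given here), assumes the load balancer sits on Subnet 2 as in the 10.0.1.10 example, and treats any non-alphanumeric character as "special".

```python
import ipaddress
import re

INT_RANGES = {  # bounds from the hybrid table; None = no stated limit
    "Heart Beat Interval": (30, 90), "Heart Beat Delay Allowance": (0, None),
    "Script Timeout": (30, 230), "Get License Grace Period": (300, None),
}
# Table defaults; "Requires input" fields hold constructed sample values.
SAMPLE = {
    "Resource Name Prefix": "fgtasg", "Admin Password": "Constructed#2024",
    "PSK Secret": "constructed-sample-psk", "Load Balancer IP": 10,
    "Subnet Address Prefix": "10.0.0.0/16", "Subnet 1 Prefix": "10.0.0.0/24",
    "Subnet 2 Prefix": "10.0.1.0/24", "Subnet 3 Prefix": "10.0.2.0/24",
    "Subnet 4 Prefix": "10.0.3.0/24", "Heart Beat Interval": 30,
    "Heart Beat Delay Allowance": 2, "Script Timeout": 230,
    "Get License Grace Period": 600,
}

def password_errors(pw):
    """Admin Password: 11-26 characters with upper, lower, digit and special."""
    errs = [] if 11 <= len(pw) <= 26 else ["Admin Password: length must be 11-26"]
    classes = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]", "digit": r"[0-9]",
               "special": r"[^A-Za-z0-9]"}  # assumption: any non-alphanumeric
    return errs + [f"Admin Password: missing {name}"
                   for name, rx in classes.items() if not re.search(rx, pw)]

def load_balancer_ip(subnet_prefix, last_octet):
    """Front-end private IP: the subnet's network address with its last octet set."""
    net = ipaddress.ip_network(subnet_prefix)
    if not 0 <= last_octet <= 255:
        raise ValueError(f"Load Balancer IP: {last_octet} is not an octet")
    addr = ipaddress.ip_address((int(net.network_address) & ~0xFF) | last_octet)
    # Azure reserves the first four addresses and the last one of every subnet.
    offset = int(addr) - int(net.network_address)
    if addr not in net or offset < 4 or addr == net.broadcast_address:
        raise ValueError(f"Load Balancer IP: {addr} is not usable in {net}")
    return str(addr)

def validate(p):
    """Return the constraint violations for a dict keyed by parameter name."""
    errs = password_errors(p["Admin Password"])
    if not re.fullmatch(r"[A-Za-z0-9]{1,10}", p["Resource Name Prefix"]):
        errs.append("Resource Name Prefix: 1-10 letters and digits only")
    if not 1 <= len(p["PSK Secret"]) <= 128:  # non-empty is an assumption
        errs.append("PSK Secret: must be 1-128 characters")
    for name, (lo, hi) in INT_RANGES.items():
        if p[name] < lo or (hi is not None and p[name] > hi):
            errs.append(f"{name}: {p[name]} is outside the allowed range")
    vnet = ipaddress.ip_network(p["Subnet Address Prefix"])
    subnets = [ipaddress.ip_network(p[f"Subnet {i} Prefix"]) for i in range(1, 5)]
    for i, s in enumerate(subnets, 1):
        if not s.subnet_of(vnet):
            errs.append(f"Subnet {i} Prefix: {s} is outside {vnet}")
        if any(s.overlaps(other) for other in subnets[i:]):
            errs.append(f"Subnet {i} Prefix: {s} overlaps a later subnet")
    try:
        load_balancer_ip(p["Subnet 2 Prefix"], p["Load Balancer IP"])
    except ValueError as exc:
        errs.append(str(exc))
    return errs
```

An empty list from `validate` means every stated limit is met; read the real Admin Password and PSK Secret from a secret store at run time rather than keeping them in a file next to the template.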
