Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.2.0
Download PDF
Copy Link

Setting up a Windows server in the protected network

  1. Let's deploy a Windows server on the VNet’s protected network. In the Azure marketplace, find a Windows 2012 R2 server. Select one with remote desktop login enabled.
  2. Click Create. Enter the basic parameters. Choose the same resource group and location as the FortiGate-VM, then click OK.
  3. Choose an instance type, then click Select.
  4. Under network configuration, select the network associated with the FortiGate-VM. In this example, this is FortigateProtectedVNet. Then, select the private subnet (internal protected network). In this example, this is FortigateProtectedSubnet.
  5. If you deploy a Windows server right after deploying two FortiGate-VMs, the Windows server’s default IP address is 10.0.1.6, assuming the two FortiGate-VMs acquired 10.0.1.4 and 10.0.1.5 on the protected network.

  6. There is no need for a public IP address, as the Windows server will be located behind the FortiGates, unavailable for Internet access. Select None.

  7. In Network security group settings, ensure TCP port 3389 is allowed in Inbound rules. In this example, it is shown by default, but if not, add it. Click OK.

  8. Other configuration is optional. Once everything is confirmed, click OK.

  9. Step 4 validates the configuration. Once successfully completed, click Create to deploy Windows Server.

  10. Wait for ten to fifteen minutes to complete deployment.

  11. Check the IP address for later use.

Resources

Setting up a Windows server in the protected network

  1. Let's deploy a Windows server on the VNet’s protected network. In the Azure marketplace, find a Windows 2012 R2 server. Select one with remote desktop login enabled.
  2. Click Create. Enter the basic parameters. Choose the same resource group and location as the FortiGate-VM, then click OK.
  3. Choose an instance type, then click Select.
  4. Under network configuration, select the network associated with the FortiGate-VM. In this example, this is FortigateProtectedVNet. Then, select the private subnet (internal protected network). In this example, this is FortigateProtectedSubnet.
  5. If you deploy a Windows server right after deploying two FortiGate-VMs, the Windows server’s default IP address is 10.0.1.6, assuming the two FortiGate-VMs acquired 10.0.1.4 and 10.0.1.5 on the protected network.

  6. There is no need for a public IP address, as the Windows server will be located behind the FortiGates, unavailable for Internet access. Select None.

  7. In Network security group settings, ensure TCP port 3389 is allowed in Inbound rules. In this example, it is shown by default, but if not, add it. Click OK.

  8. Other configuration is optional. Once everything is confirmed, click OK.

  9. Step 4 validates the configuration. Once successfully completed, click Create to deploy Windows Server.

  10. Wait for ten to fifteen minutes to complete deployment.

  11. Check the IP address for later use.