Fortinet Document Library
Version:
6.4.0
6.2.0
FortiGate / FortiOS
FortiVoice / FortiFone
FortiGate / FortiOS
FortiAnalyzer
FortiManager
FortiWeb
FortiTester
FortiAuthenticator
FortiADC
FortiSandbox
FortiWeb Manager
Table of Contents
Azure Cookbook
About FortiGate-VM for Azure
Instance type support
Region support
Models
Licensing
Order types
Creating a support account
Deploying FortiGate-VM on Azure
Azure services and components
Deploying FortiGate-VM from a VHD image file
Deploying FortiGate-VM in VM creation
Deploying FortiGate with a custom ARM template
Invoking a custom ARM template
Bootstrapping the FortiGate CLI at initial bootup using user data
Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data
Deploying FortiGate-VM using Azure PowerShell
Running PowerShell to deploy FortiGate-VM
Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data
Deploying FortiGate-VM on regional Azure clouds
Enabling accelerated networking on the FortiGate-VM
Upgrading FortiOS
Deploying auto scaling on Azure
Planning
Prerequisites
Obtaining the deployment package
Deploying FortiGate Autoscale for Azure
Creating a template deployment
Configurable variables
Uploading files to the Storage account
Verifying the deployment
Security features for network communication
Starting a VMSS
Connecting to the FortiGate-VM instances
Troubleshooting
Appendix
FortiGate Autoscale for Azure features
Cloud-init
Architectural diagrams
Single FortiGate-VM deployment
Registering and downloading your license
Subscribing to the FortiGate-VM
Connecting to the FortiGate-VM
Network interfaces and routes
Using public IP addresses
HA for FortiGate-VM on Azure
Deploying and configuring active-passive HA within one zone
About the ARM template
Reviewing the network topology
Checking the prerequisites
Invoking the ARM templates
Template parameters
Validating the deployment
Configuring the network via the CLI
Installing the FortiGate license (BYOL only)
Configuring multiple public IP addresses
Troubleshooting
Deploying and configuring active-passive HA between multiple zones
Deploying and configuring Azure load-balancing HA
Basic concepts
Locating FortiGate HA for Azure in the Azure portal marketplace
Determining your licensing model
Configuring FortiGate-VM initial parameters
Creating the VNet and subnets in network settings
Selecting the Azure instance type
Assigning the Azure IP address
Validating deployment resources
Creating the FortiGate-VM instances
Connecting to the FortiGate-VMs
Setting up a Windows server in the protected network
Configuring FortiGate firewall policies and virtual IP addresses
Public IP addresses with Azure public LB
(Failover test) Creating load balancing rules and accessing the Windows server via RDP
VNet peering
Deploying FortiGate-VM using Terraform
Security Fabric connector integration with Azure
Configuring a Fabric connector in Azure
Creating an Azure Fabric connector using service principal
Creating a Fabric connector using a managed identity
Configuring a managed identity on Azure
Enabling managed identities on Azure during deployment
Enabling managed identities on Azure after deployment
Access control
Configuring the managed identity on the FortiGate-VM
Creating an address
Dynamic address in a policy
Troubleshooting Azure Fabric connector
Fabric connector in Azure Kubernetes (AKS)
Fabric connector in Azure Stack
VPN for FortiGate-VM on Azure
Connecting a local FortiGate to an Azure VNet VPN
Connecting a local FortiGate to an Azure FortiGate via site-to-site VPN
vWAN
vWAN architecture diagram
Creating the vWAN
Adding VNet connections to the vWAN hub
Deploying the vWAN ARM template
Completing the prerequisites
Uploading Remote_sites.txt to a storage account
Deploying the ARM template
Associating VPN sites with the vWAN hub
Verifying vWAN configuration
Configuring integration with Azure AD domain services for VPN
Configuring FortiClient VPN with multifactor authentication
Azure AD acting as SAML IdP
SAML SSO login for FortiOS administrators with Azure AD acting as SAML IdP
Configuring SAML SSO login for SSL VPN web mode with Azure AD acting as SAML IdP
Azure Sentinel
Sending FortiGate logs for analytics and queries
Resources
Upgrade Path Tool
Home
Azure/Azure Stack
FortiGate / FortiOS
FortiVoice / FortiFone
FortiGate / FortiOS
FortiAnalyzer
FortiManager
FortiWeb
FortiTester
FortiAuthenticator
FortiADC
FortiSandbox
FortiWeb Manager
Select version:
6.4
6.2
6.0
5.6
Select version
6.4
6.2
6.0
5.6
Azure Cookbook
About FortiGate-VM for Azure
Instance type support
Region support
Models
Licensing
Order types
Creating a support account
Deploying FortiGate-VM on Azure
Azure services and components
Deploying FortiGate-VM from a VHD image file
Deploying FortiGate-VM in VM creation
Deploying FortiGate with a custom ARM template
Invoking a custom ARM template
Bootstrapping the FortiGate CLI at initial bootup using user data
Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data
Deploying FortiGate-VM using Azure PowerShell
Running PowerShell to deploy FortiGate-VM
Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data
Deploying FortiGate-VM on regional Azure clouds
Enabling accelerated networking on the FortiGate-VM
Upgrading FortiOS
Deploying auto scaling on Azure
Planning
Prerequisites
Obtaining the deployment package
Deploying FortiGate Autoscale for Azure
Creating a template deployment
Configurable variables
Uploading files to the Storage account
Verifying the deployment
Security features for network communication
Starting a VMSS
Connecting to the FortiGate-VM instances
Troubleshooting
Appendix
FortiGate Autoscale for Azure features
Cloud-init
Architectural diagrams
Single FortiGate-VM deployment
Registering and downloading your license
Subscribing to the FortiGate-VM
Connecting to the FortiGate-VM
Network interfaces and routes
Using public IP addresses
HA for FortiGate-VM on Azure
Deploying and configuring active-passive HA within one zone
About the ARM template
Reviewing the network topology
Checking the prerequisites
Invoking the ARM templates
Template parameters
Validating the deployment
Configuring the network via the CLI
Installing the FortiGate license (BYOL only)
Configuring multiple public IP addresses
Troubleshooting
Deploying and configuring active-passive HA between multiple zones
Deploying and configuring Azure load-balancing HA
Basic concepts
Locating FortiGate HA for Azure in the Azure portal marketplace
Determining your licensing model
Configuring FortiGate-VM initial parameters
Creating the VNet and subnets in network settings
Selecting the Azure instance type
Assigning the Azure IP address
Validating deployment resources
Creating the FortiGate-VM instances
Connecting to the FortiGate-VMs
Setting up a Windows server in the protected network
Configuring FortiGate firewall policies and virtual IP addresses
Public IP addresses with Azure public LB
(Failover test) Creating load balancing rules and accessing the Windows server via RDP
VNet peering
Deploying FortiGate-VM using Terraform
Security Fabric connector integration with Azure
Configuring a Fabric connector in Azure
Creating an Azure Fabric connector using service principal
Creating a Fabric connector using a managed identity
Configuring a managed identity on Azure
Enabling managed identities on Azure during deployment
Enabling managed identities on Azure after deployment
Access control
Configuring the managed identity on the FortiGate-VM
Creating an address
Dynamic address in a policy
Troubleshooting Azure Fabric connector
Fabric connector in Azure Kubernetes (AKS)
Fabric connector in Azure Stack
VPN for FortiGate-VM on Azure
Connecting a local FortiGate to an Azure VNet VPN
Connecting a local FortiGate to an Azure FortiGate via site-to-site VPN
vWAN
vWAN architecture diagram
Creating the vWAN
Adding VNet connections to the vWAN hub
Deploying the vWAN ARM template
Completing the prerequisites
Uploading Remote_sites.txt to a storage account
Deploying the ARM template
Associating VPN sites with the vWAN hub
Verifying vWAN configuration
Configuring integration with Azure AD domain services for VPN
Configuring FortiClient VPN with multifactor authentication
Azure AD acting as SAML IdP
SAML SSO login for FortiOS administrators with Azure AD acting as SAML IdP
Configuring SAML SSO login for SSL VPN web mode with Azure AD acting as SAML IdP
Azure Sentinel
Sending FortiGate logs for analytics and queries
6.2.0
6.4.0
6.2.0
Download PDF
Copy Link
Deploying FortiGate-VM using Terraform
See the following:
Single FortiGate-VM deployment
Active-passive HA cluster deployment
Resources
Upgrade Path Tool
Deploying FortiGate-VM using Terraform
See the following:
Single FortiGate-VM deployment
Active-passive HA cluster deployment
Link
PDF
TOC
FortiVoice / FortiFone
FortiGate / FortiOS
FortiAnalyzer
FortiManager
FortiWeb
FortiTester
FortiAuthenticator
FortiADC
FortiSandbox
FortiWeb Manager
