Master election was not successful
If the FortiGate-VM master election is not successful, reset the master election. If the reset does not solve the problem, please contact support.
Redeployment with existing VNet fails
Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:
- Load the VNet resource group Overview page. If your deployment only has one resource group, this is the Autoscale resource group.
- Click the link under Deployments.
- From the Deployments page, click Microsoft.Template.
- In the navigation column, click Outputs.
- Copy the value of
cmdVNetCleanUpand run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
- If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
- Azure Cosmos DB account
- App Service
- Application Insights (if present)
- App Service plan
- Storage account
- Delete the following components from the VNet resource group:
- the Public Load balancer
- the Internal Load balancer
- the Virtual machine scale set for BYOL
- the Virtual machine scale set for PAYG
- the Public IP address (if created by the autoscale deployment and you don't want to reuse it)
Reset the master election
To reset the master election, navigate to the CosmosDB FortiGateAutoscale and open the table FortiGateMasterElection and delete the master record (the only item in the table).
A new master FortiGate-VM will be elected and a new record will be created in the table as the result.
For details on locating the CosmosDB FortiGateAutoscale and the table FortiGateMasterElection, refer to the master election portion of the section Verifying the deployment.
Stack has stopped working
If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.
For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.
For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.
Troubleshoot using Application Insights
Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.
Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables
To locate environment variables after deployment:
- Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
- Under Configured features, click Configuration .
- Edit settings as needed.
Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.