Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.4.0
Download PDF
Copy Link

Verifying the deployment

FortiGate Autoscale for Azure deploys the following components:

  • 1 Public Load balancer
    • This load balancer will be associated with the FortiGate subnet and the Frontend Public IP address to receive inbound traffic.
  • 1 Internal Load balancer
    • This load balancer will be associated with all 4 subnets.
  • 1 Network security group (associated with all 4 subnets)
  • 1 Virtual machine scale set for BYOL
  • 1 Virtual machine scale set for PAYG
  • 1 Virtual network
  • 1 Public IP address
  • 3 Route tables
  • 1 Azure Cosmos DB account
  • 1 App Service (this is the Function App)
  • 1 Application Insights (automatically enabled if your region supports it)
  • 1 App Service plan
  • 1 Storage account

For deployments that have two resource groups, the network related components are deployed to the VNet resource group and the DB, Storage account, and Function App related components are deployed to the Autoscale resource group.

FortiGate Autoscale for Azure is fully deployed once you verify the following components:

To load a resource group:
  1. In the Azure console, from the left navigation column, select Resource groups.
  2. Locate the resource group you wish to load by scrolling through the list or by using one or more of the name, subscription, and location filters. In the example below, this is fgtasg-rg.

    Locate resource group

  3. Click the name to load the resource group Overview page. In the example deployment, the VNet resource group is the same as the Autoscale resource group.

    Resource group overview page

To verify the Function App:

From the Autoscale resource group Overview page, load the Function App by clicking the name of the item of type App Service.

You should see three functions on the left:

  • custom-log: A function to retrieve function logs for troubleshooting purposes.
  • fgt-asg-handler: The main autoscaling function.
  • byol-license: The function to distribute BYOL licenses.

The Function App Overview page will look as shown below:

Function App overview page

To verify the database:
  1. From the Autoscale resource group Overview page, click the Azure Cosmos DB account name.
  2. From the navigation column, click Data Explorer.

You will see the following DB and tables:

  • Database: FortiGateAutoscale
  • Tables:
    • CustomLog
    • FortiGateAutoscale
    • FortiGateMasterElection
    • LicenseStock
    • LicenseUsage
    • Settings
    • VmInfoCache

The database Data Explorer page will look as shown below:

Database tables

To verify the master election:

The elected master FortiGate-VM will be logged in the CosmosDB FortiGateAutoscale in the table FortiGateMasterElection.

  1. Expand the FortiGateMasterElection table and click on Items.
  2. The master record will be the only item in the table. Click the master record.

In the master record,

  • scalingGroupName is the name of the Scale Set in which the master FortiGate-VM is located.
  • ip is the primary private IP address of the current master FortiGate-VM.
  • instanceId is the index of the FortiGate-VM in the Scale Set.
  • vpcId is the ID of the VPC in which the master FortiGate-VM instance is located.
  • subnetId is the ID of the subnet in which the master FortiGate-VM is located.
  • voteEndTime is the Unix time stamp for when this master election should expire if the vote state cannot change to done by this time.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress. You should wait for its completion. At this point in time, the final master instance is not yet known.
    • done: the master election process is done.

The Items page will look as shown below:

Items page with Master record

Resources

Verifying the deployment

FortiGate Autoscale for Azure deploys the following components:

  • 1 Public Load balancer
    • This load balancer will be associated with the FortiGate subnet and the Frontend Public IP address to receive inbound traffic.
  • 1 Internal Load balancer
    • This load balancer will be associated with all 4 subnets.
  • 1 Network security group (associated with all 4 subnets)
  • 1 Virtual machine scale set for BYOL
  • 1 Virtual machine scale set for PAYG
  • 1 Virtual network
  • 1 Public IP address
  • 3 Route tables
  • 1 Azure Cosmos DB account
  • 1 App Service (this is the Function App)
  • 1 Application Insights (automatically enabled if your region supports it)
  • 1 App Service plan
  • 1 Storage account

For deployments that have two resource groups, the network related components are deployed to the VNet resource group and the DB, Storage account, and Function App related components are deployed to the Autoscale resource group.

FortiGate Autoscale for Azure is fully deployed once you verify the following components:

To load a resource group:
  1. In the Azure console, from the left navigation column, select Resource groups.
  2. Locate the resource group you wish to load by scrolling through the list or by using one or more of the name, subscription, and location filters. In the example below, this is fgtasg-rg.

    Locate resource group

  3. Click the name to load the resource group Overview page. In the example deployment, the VNet resource group is the same as the Autoscale resource group.

    Resource group overview page

To verify the Function App:

From the Autoscale resource group Overview page, load the Function App by clicking the name of the item of type App Service.

You should see three functions on the left:

  • custom-log: A function to retrieve function logs for troubleshooting purposes.
  • fgt-asg-handler: The main autoscaling function.
  • byol-license: The function to distribute BYOL licenses.

The Function App Overview page will look as shown below:

Function App overview page

To verify the database:
  1. From the Autoscale resource group Overview page, click the Azure Cosmos DB account name.
  2. From the navigation column, click Data Explorer.

You will see the following DB and tables:

  • Database: FortiGateAutoscale
  • Tables:
    • CustomLog
    • FortiGateAutoscale
    • FortiGateMasterElection
    • LicenseStock
    • LicenseUsage
    • Settings
    • VmInfoCache

The database Data Explorer page will look as shown below:

Database tables

To verify the master election:

The elected master FortiGate-VM will be logged in the CosmosDB FortiGateAutoscale in the table FortiGateMasterElection.

  1. Expand the FortiGateMasterElection table and click on Items.
  2. The master record will be the only item in the table. Click the master record.

In the master record,

  • scalingGroupName is the name of the Scale Set in which the master FortiGate-VM is located.
  • ip is the primary private IP address of the current master FortiGate-VM.
  • instanceId is the index of the FortiGate-VM in the Scale Set.
  • vpcId is the ID of the VPC in which the master FortiGate-VM instance is located.
  • subnetId is the ID of the subnet in which the master FortiGate-VM is located.
  • voteEndTime is the Unix time stamp for when this master election should expire if the vote state cannot change to done by this time.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress. You should wait for its completion. At this point in time, the final master instance is not yet known.
    • done: the master election process is done.

The Items page will look as shown below:

Items page with Master record