Chapter 10. Cloud Technologies
10.2 Deploy FortiGate in Azure
Learning Objectives
- Create a FortiGate firewall in Azure through Marketplace
- Identify FortiGate subnets in Azure
Scenario: In this lab, we’ll learn how to deploy FortiGate in Azure.
- Go to Azure Marketplace and search for FortiGate.
- Select Fortinet FortiGate Next-Generation Firewall.
- Then, Select Single VM from dropdown list.
- Create a firewall information as Figure 10.41.
- Leave other tabs as default and press on “Review+ create”. It will validate your information and then you can create a FortiGate Firewall.
- Then, it will start deployment of FortiGate. It takes around 5 minutes to deploy FortiGate.
- After deployment is completed, go to Resource group > FortiGate > Overview and look for FortiGate Public IP address.
- Type the IP address in the browser. You should be able to see the FortiGate credentials page. Enter your username and password to login in the firewall.
- Based on Fortinet description, we have three subnets in Azure for FortiGate. External, Internal and Protected. If you are planning to connect a new virtual machine to the firewall internal interface, you should connect it to the Protected subnet.
| Subnet | Description |
|---|---|
| Subnet1 | External subnet used to connect the FortiGate-VM to the Internet. |
| Subnet2 | Internal subnet used as a transit network to one or multiple protected networks containing backend services, such as the web server. |
| Subnet3 | Protected subnet used to deploy services. You can deploy multiples of these subnets. The traffic is sent to the FortiGate for inspection using UDR. |