Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate CNF Administration Guide

    Adding an Azure account

    Adding an Azure account

    Note

    Azure accounts cannot be edited after they are fully added (the Status is Success), but the custom name can be changed.
    To add a new Azure account:

    1. Configure Azure:

      1. In the Azure console, log in to your Azure subscription.

      2. Create or reuse a managed identity and assign User Access Administrator and Contributor roles for the Azure subscription. Additionally, assign the Entra ID role Application Administrator to this managed identity.

        This managed identity is used to deploy an ARM Template to onboard the Azure account into FortiGate CNF. Please note that the storage account (for FortiGate CNF logs) will be created in the same resource group as the managed identity.

    2. In the FortiGate CNF console, go to Cloud Accounts.

    3. Click New, then select Azure.

    4. In Azure Account Name, enter a name for the account.

    5. Enter the Azure Directory ID and the Azure Subscription ID.

    6. Click Launch ARM Template.

      The Azure portal opens.

    7. Enter the Managed Identity Name and Resource Group.

    8. Click Review + Create, then click Create.

      The deployment script runs.

      To review the template, click Download ARM Template.

      The template does the following:

      • Creates a storage account for storing the FortiGate CNF logs, with write permissions for FortiGate CNF.

      • Allows FortiGate CNF access to your networks.

    9. Click Outputs, then copy the value from spObjectId.

    10. In the FortiGate CNF console, in Service Principal Object ID, enter the spObjectId value. See Service Principal Object ID.

    11. Click Update.

      The Azure account is added to the Cloud Accounts list with status Success.

    Service Principal Object ID

    The Service Principal Object ID is used by FortiGate CNF to access your Azure environment.

    A FortiGate CNF Azure app registration is used for all customer environment-related operations. This app registration requires access to your Azure environment for operations such as linking load balancers and dynamic address objects.

    The ARM Template creates a Service Principal in your Azure environment to provide the FortiGate CNF app registration the access required to perform these operations.

    Previous
    Next

    Adding an Azure account

    Adding an Azure account

    Note

    Azure accounts cannot be edited after they are fully added (the Status is Success), but the custom name can be changed.
    To add a new Azure account:

    1. Configure Azure:

      1. In the Azure console, log in to your Azure subscription.

      2. Create or reuse a managed identity and assign User Access Administrator and Contributor roles for the Azure subscription. Additionally, assign the Entra ID role Application Administrator to this managed identity.

        This managed identity is used to deploy an ARM Template to onboard the Azure account into FortiGate CNF. Please note that the storage account (for FortiGate CNF logs) will be created in the same resource group as the managed identity.

    2. In the FortiGate CNF console, go to Cloud Accounts.

    3. Click New, then select Azure.

    4. In Azure Account Name, enter a name for the account.

    5. Enter the Azure Directory ID and the Azure Subscription ID.

    6. Click Launch ARM Template.

      The Azure portal opens.

    7. Enter the Managed Identity Name and Resource Group.

    8. Click Review + Create, then click Create.

      The deployment script runs.

      To review the template, click Download ARM Template.

      The template does the following:

      • Creates a storage account for storing the FortiGate CNF logs, with write permissions for FortiGate CNF.

      • Allows FortiGate CNF access to your networks.

    9. Click Outputs, then copy the value from spObjectId.

    10. In the FortiGate CNF console, in Service Principal Object ID, enter the spObjectId value. See Service Principal Object ID.

    11. Click Update.

      The Azure account is added to the Cloud Accounts list with status Success.

    Service Principal Object ID

    The Service Principal Object ID is used by FortiGate CNF to access your Azure environment.

    A FortiGate CNF Azure app registration is used for all customer environment-related operations. This app registration requires access to your Azure environment for operations such as linking load balancers and dynamic address objects.

    The ARM Template creates a Service Principal in your Azure environment to provide the FortiGate CNF app registration the access required to perform these operations.

    Previous
    Next