Adding an endpoint to an Azure instance

FortiGate CNF instances can protect resources with an Azure public IP: either a VM with a public IP or a load balancer with a public IP.

You must first create and configure the load balancer or VM in the Azure portal.

When you link the FortiGate CNF instance to the given public IP, FortiGate CNF routes traffic in or out of the public IP to the FortiGate CNF instance before sending the traffic to its destination. This does not create any additional resources in your specified resource group.

After linking a load balancer to an Azure FortiGate CNF instance, the following components of the load balancer are no longer editable in the Azure portal: Health probes. Backend pool instances and network interfaces. There may be other components that cannot be edited depending on your Azure environment. If possible, configure the load balancer completely before linking to an FortiGate CNF instance. See Editing a linked load balancer.

FortiGate CNF does not support Azure Basic public IP. The public IP must be created as a Standard public IP.

To connect an existing public IP to an Azure instance:

1. In CNF Instances, select an instance and click Edit.

2. Click Configure Azure Endpoints.

3. In the table, click Link Existing.

4. Select the Resource Type from the following options:

   • Load Balancer: Connect to an Azure load balancer with a standard public IP.

   • Virtual Machine: Connect to a virtual machine with a standard public IP.

5. In Account, select the Azure account that contains the VM or load balancer.

6. Select the Resource Group that contains the VM or load balancer.

7. In Load Balancer or Virtual Machine, select the appropriate resource to link.

8. For a load balancer, select the appropriate Frontend IP Configurations.

   For a virtual machine, select the appropriate Network Interface.

9. Click OK. FortiGate CNF connects to the resource, which may take several minutes. The status of the instance displays as Active when this process is complete.