Fortinet black logo

Azure Administration Guide

Home FortiGate Public Cloud 6.2.0 Azure Administration Guide

Network interfaces and routes

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 0489513b-b3c1-11e9-a989-00505692583a:609353
Download PDF

Network interfaces and routes

Azure DHCP preconfigures the interfaces as shown.

Additionally, there are also two static routes:

  • Azure uses the 168.63.129.16 address for various services. Having this route in place allows the FortiGate-VM to respond.
  • There is also a route out port2 (also the trusted/internal interface) with the VNET prefix as the destination. This provides a route to any additional subnets that may be created.

In the routing monitor, there are connected routes to the two subnets and a default route out port1 (the untrusted/public interface). Azure DHCP also provides this default route.

The "InsideSubnet-routes..." route table forces Internet-bound traffic to egress through the FortiGate port2 interface. If other subnets are created, add this route table to those subnets to provide the same egress filtering.

Previous
Next

Network interfaces and routes

Azure DHCP preconfigures the interfaces as shown.

Additionally, there are also two static routes:

  • Azure uses the 168.63.129.16 address for various services. Having this route in place allows the FortiGate-VM to respond.
  • There is also a route out port2 (also the trusted/internal interface) with the VNET prefix as the destination. This provides a route to any additional subnets that may be created.

In the routing monitor, there are connected routes to the two subnets and a default route out port1 (the untrusted/public interface). Azure DHCP also provides this default route.

The "InsideSubnet-routes..." route table forces Internet-bound traffic to egress through the FortiGate port2 interface. If other subnets are created, add this route table to those subnets to provide the same egress filtering.

Previous
Next