Fortinet black logo

Azure Administration Guide

Running PowerShell to deploy FortiGate-VM

Copy Link
Copy Doc ID f296b45a-a61f-11ec-9fd1-fa163e15d75b:867066
Download PDF

Running PowerShell to deploy FortiGate-VM

The instructions assume that PowerShell is already installed on the Windows machine. For details on installing and running PowerShell, see How to install Azure PowerShell.

To run PowerShell to deploy FortiGate-VM:
  1. Log into a Windows machine and invoke the PowerShell console.
  2. Obtain the sample PowerShell script file from GitHub.
  3. You must edit the content according to your own Azure environment. The ps1 file contains comments for sections that require modification. Editing the file using Visual Studio with the PowerShell extension installed is recommended. In the $vmsize field, enter the desired instance type based on the number of virtual CPU cores.

    A section you must modify is the $vmsize field. Enter the desired instance type here. Recommended types are the following compute-optimized instances:

    • Standard_F1
    • Standard_F2
    • Standard_F4
    • Standard_F8
    • Standard_F1s
    • Standard_F2s
    • Standard_F4s
    • Standard_F8s
    • Standard_F16s
    • Standard_F2s_v2
    • Standard_F4s_v2
    • Standard_F8s_v2
    • Standard_F16s_v2
    • Standard_F32s_v2
    • Standard_F64s_v2
    • Standard_F72s_v2
    note icon

    Instances with over 32 vCPU require a FG-VMUL license, which can support an unlimited number of CPU cores.

  4. This sample file can deploy the FortiGate-VM in an existing VNet under an existing resource group. Before running the ps1 file, create the following Azure elements:
    • Resource group
    • VNet with a subnet. If you attach multiple NICs to the FortiGate-VM, create as many subnets as the number of NICs before running the ps1 file.
    • Container to copy your FortiGate-VM image file
    • Blob where to create an OS and a data disk file to launch a FortiGate-VM instance
  5. Manually create security groups and route tables after deploying the FortiGate-VM as the sample ps1 file does not create these.
  6. Download the FortiGate-VM vhd image:
    1. Go to Customer Service & Support > Download > VM Images.
    2. From the Select Product dropdown list, select FortiGate.
    3. From the Select Platform dropdown list, select Azure.
    4. Select the desired 7.2 version.
    5. Download the FGT_VM64_AZURE-v6-buildXXXX-FORTINET.out.hyperv.zip file.
    6. Unzip the downloaded file. Place the fortios.vhd file in the C:\Azure\vhds directory. You can change the path using the $sourceVhd parameter in the ps1 file.
  7. Run the ps1 file. In this example, the filename is fortigate-deploy-powershell.ps1:

    PS C:\\Users\Administrator> .\fortigate-deploy-powershell.ps1

    1. The system prompts you for a number of network instances. Enter a number between 1 and 4.
    2. The system prompts you to log into Azure by entering your username and password. Enter your credentials.

    3. The execution continues. If you encounter an error (shown in red), resolve it, manually clean up newly generated files, then retry the execution. If you do not clean up the files, the next execution attempt results in an error. Manually clean up files by doing the following:
      1. Remove files created in your container and blob under your storage account.
      2. Remove network resources created under your specified resource group.
      3. Diagnostic files are created under your storage account. Remove these files if they are unnecessary.

    The sample ps1 file is provided for your reference. If you need to modify or author it as your organization requires, you are expected to be able to do so on your own.

    Execution takes about ten minutes to complete.

  8. Access the FortiGate-VM after executing the ps1 file:
    1. Go to the resource group and click the specified VM name.

    2. Click the FortiGate-VM hostname and find its public IP address.

    3. In a browser, access https://<public IP address>. Enter the admin username and password specified in the ps1 file to log in.

Running PowerShell to deploy FortiGate-VM

The instructions assume that PowerShell is already installed on the Windows machine. For details on installing and running PowerShell, see How to install Azure PowerShell.

To run PowerShell to deploy FortiGate-VM:
  1. Log into a Windows machine and invoke the PowerShell console.
  2. Obtain the sample PowerShell script file from GitHub.
  3. You must edit the content according to your own Azure environment. The ps1 file contains comments for sections that require modification. Editing the file using Visual Studio with the PowerShell extension installed is recommended. In the $vmsize field, enter the desired instance type based on the number of virtual CPU cores.

    A section you must modify is the $vmsize field. Enter the desired instance type here. Recommended types are the following compute-optimized instances:

    • Standard_F1
    • Standard_F2
    • Standard_F4
    • Standard_F8
    • Standard_F1s
    • Standard_F2s
    • Standard_F4s
    • Standard_F8s
    • Standard_F16s
    • Standard_F2s_v2
    • Standard_F4s_v2
    • Standard_F8s_v2
    • Standard_F16s_v2
    • Standard_F32s_v2
    • Standard_F64s_v2
    • Standard_F72s_v2
    note icon

    Instances with over 32 vCPU require a FG-VMUL license, which can support an unlimited number of CPU cores.

  4. This sample file can deploy the FortiGate-VM in an existing VNet under an existing resource group. Before running the ps1 file, create the following Azure elements:
    • Resource group
    • VNet with a subnet. If you attach multiple NICs to the FortiGate-VM, create as many subnets as the number of NICs before running the ps1 file.
    • Container to copy your FortiGate-VM image file
    • Blob where to create an OS and a data disk file to launch a FortiGate-VM instance
  5. Manually create security groups and route tables after deploying the FortiGate-VM as the sample ps1 file does not create these.
  6. Download the FortiGate-VM vhd image:
    1. Go to Customer Service & Support > Download > VM Images.
    2. From the Select Product dropdown list, select FortiGate.
    3. From the Select Platform dropdown list, select Azure.
    4. Select the desired 7.2 version.
    5. Download the FGT_VM64_AZURE-v6-buildXXXX-FORTINET.out.hyperv.zip file.
    6. Unzip the downloaded file. Place the fortios.vhd file in the C:\Azure\vhds directory. You can change the path using the $sourceVhd parameter in the ps1 file.
  7. Run the ps1 file. In this example, the filename is fortigate-deploy-powershell.ps1:

    PS C:\\Users\Administrator> .\fortigate-deploy-powershell.ps1

    1. The system prompts you for a number of network instances. Enter a number between 1 and 4.
    2. The system prompts you to log into Azure by entering your username and password. Enter your credentials.

    3. The execution continues. If you encounter an error (shown in red), resolve it, manually clean up newly generated files, then retry the execution. If you do not clean up the files, the next execution attempt results in an error. Manually clean up files by doing the following:
      1. Remove files created in your container and blob under your storage account.
      2. Remove network resources created under your specified resource group.
      3. Diagnostic files are created under your storage account. Remove these files if they are unnecessary.

    The sample ps1 file is provided for your reference. If you need to modify or author it as your organization requires, you are expected to be able to do so on your own.

    Execution takes about ten minutes to complete.

  8. Access the FortiGate-VM after executing the ps1 file:
    1. Go to the resource group and click the specified VM name.

    2. Click the FortiGate-VM hostname and find its public IP address.

    3. In a browser, access https://<public IP address>. Enter the admin username and password specified in the ps1 file to log in.