
Azure vWAN SD-WAN NGFW Deployment Guide

7.4.0

Deploying FortiGate NVAs in vWAN hub

In Azure Marketplace, deploy FortiGate network virtual appliances (NVAs) in the virtual WAN hub.

The Scale Unit option controls the type and number of FortiGate NVAs created. See Order types in vWAN.

The FortiGate NVAs are displayed as a group in FortiManager, and the name of the group in FortiManager is based on the FortiGate Name Prefix option in Azure.

To deploy FortiGate NVAs in vWAN hub:
  1. In Azure Marketplace, deploy the Fortinet FortiGate Security for Azure Virtual WAN application and set the following NVA instance and managed application options:

  2. Click Next: FortiGate Secure SDWAN in Virtual WAN, and set the following options:

    Note

    Scale units cannot change dynamically. If you want to use a different scale unit after deploying the NVAs, you must re-deploy the NVAs.

    Each scale unit creates two FortiGate NVAs in the Microsoft Azure vWAN hub.

    For more information about scale units, see Order types in vWAN.

    The FortiManager IP address must be public.

  3. To configure the internet-inbound deployment, do the following. FortiOS 7.4.4 and later versions support this deployment. This feature is in preview.
    1. Select Enable Internet Inbound Feature.
    2. The attached public IP address must be of a standard SKU. From the Public IP address for the Internet inbound Server Load balancer dropdown list, select the desired standard SKU IP address. If you are creating a new public IP address, select Create new > Standard.

    You can create additional public IP addresses after deployment on the Azure portal by going to vWAN > Hubs > NVA > Manage Configurations, then selecting Settings > Internet Inbound. This feature requires additional configuration. See Configuring internet inbound/DNAT policies without FortiManager.

  4. Make a note of the FortiGate BGP ASN setting. The default is 64512.
  5. Click Review + Create.
  6. Click Create.
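
The constraints stated in the steps above (public FortiManager address, Standard SKU public IP and FortiOS 7.4.4 or later for internet inbound) can be checked before clicking Create. The following pre-flight check is an added example, not Fortinet or Azure code; the `plan` key names are hypothetical and the sample plans are constructed.

```python
import ipaddress

MIN_INBOUND_FORTIOS = (7, 4, 4)  # guide: internet inbound needs FortiOS 7.4.4 or later


def parse_version(text):
    """Turn a dotted version such as '7.4.4' into (7, 4, 4) for comparison."""
    return tuple(int(part) for part in text.strip().split("."))


def preflight(plan):
    """Return a list of problems in a planned deployment; empty means none found.

    The keys of `plan` are hypothetical names made up for this example; they
    are not Azure or Fortinet template parameter names.
    """
    problems = []
    try:
        fmg = ipaddress.ip_address(plan.get("fortimanager_ip", ""))
        # is_global is False for RFC 1918, CGNAT, loopback and link-local ranges.
        if not fmg.is_global:
            problems.append(f"FortiManager IP {fmg} is not a public address")
    except ValueError:
        problems.append("FortiManager IP is not a valid IP address")

    if plan.get("internet_inbound"):
        if parse_version(plan["fortios_version"]) < MIN_INBOUND_FORTIOS:
            problems.append("internet inbound needs FortiOS 7.4.4 or later")
        if plan.get("inbound_public_ip_sku", "").lower() != "standard":
            problems.append("internet inbound public IP must be a Standard SKU")
    return problems


# Constructed sample plans; 8.8.8.8 only stands in for a public FortiManager address.
GOOD_PLAN = {"fortimanager_ip": "8.8.8.8", "internet_inbound": True,
             "fortios_version": "7.4.4", "inbound_public_ip_sku": "Standard"}
BAD_PLAN = {"fortimanager_ip": "10.0.0.4", "internet_inbound": True,
            "fortios_version": "7.4.3", "inbound_public_ip_sku": "Basic"}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, preflight(plan) or "no problems found")
```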
