Fortinet white logo
Fortinet white logo

Azure vWAN SD-WAN NGFW Deployment Guide

7.6.0

Adding Azure router BGP neighbors

Adding Azure router BGP neighbors

In this step we will add our BGP neighbors in Azure vWAN. The BGP neighbors distribute all the necessary routes inside Azure, and then advertise them to the rest of the SD-WAN region.

The BGP neighbors must be added to a CLI template for execution. See also Verifying BGP communication between FortiGate NVAs.

Note

FortiManager purges configuration before installing the SD-WAN Overlay template for the first time. This step replaces critical BGP configuration to counter the purge. See also Purged configuration information.

Following is a summary of the procedure:

  1. In Azure portal, obtain the ASN and IP address numbers for the BGP peers. See Obtaining ASN and IP address numbers.
  2. In FortiManager, edit the BGP template to include the ASN and IP address numbers. See Editing the BGP template.

Obtaining ASN and IP address numbers

We need to locate the ASN and IP numbers for the vWAN hub. Then we can use the numbers to configure BGP neighbors for both hubs by using the BGP template in FortiManager.

To obtain ASN and IP address numbers:
  1. In the Azure portal, go to the virtual WAN hub. See Creating the virtual WAN hub.
  2. In the left navigation, select the BGP Peers section to view the ASN and IP numbers.

Editing the BGP template

In this section, we edit the BGP template to add the ASN and IP address numbers from the Azure vWAN hub.

Note

Azure accepts the configuration set in the Advanced section of the BGP route associations on FortiManager when the configuration is pushed.

To edit the BGP template:
  1. Go to Device Manager > Provisioning Templates > BGP Templates.
  2. Double-click the *_HUB1_BGP or *_HUB2_BGP template to open it for editing.
  3. Under Neighbors, click Create New Neighbor.
  4. Set the following options:
    1. Set IP and Remote AS to the numbers obtained from the Azure portal for the vWAN hub.
    2. Set Interface to port2.
    3. Under Advanced Options set ebgp-enforce-multihop to ON.

    4. Click OK to save the changes.
  5. Repeat this procedure for both neighbor IP addresses on both HUBs.

Adding Azure router BGP neighbors

Adding Azure router BGP neighbors

In this step we will add our BGP neighbors in Azure vWAN. The BGP neighbors distribute all the necessary routes inside Azure, and then advertise them to the rest of the SD-WAN region.

The BGP neighbors must be added to a CLI template for execution. See also Verifying BGP communication between FortiGate NVAs.

Note

FortiManager purges configuration before installing the SD-WAN Overlay template for the first time. This step replaces critical BGP configuration to counter the purge. See also Purged configuration information.

Following is a summary of the procedure:

  1. In Azure portal, obtain the ASN and IP address numbers for the BGP peers. See Obtaining ASN and IP address numbers.
  2. In FortiManager, edit the BGP template to include the ASN and IP address numbers. See Editing the BGP template.

Obtaining ASN and IP address numbers

We need to locate the ASN and IP numbers for the vWAN hub. Then we can use the numbers to configure BGP neighbors for both hubs by using the BGP template in FortiManager.

To obtain ASN and IP address numbers:
  1. In the Azure portal, go to the virtual WAN hub. See Creating the virtual WAN hub.
  2. In the left navigation, select the BGP Peers section to view the ASN and IP numbers.

Editing the BGP template

In this section, we edit the BGP template to add the ASN and IP address numbers from the Azure vWAN hub.

Note

Azure accepts the configuration set in the Advanced section of the BGP route associations on FortiManager when the configuration is pushed.

To edit the BGP template:
  1. Go to Device Manager > Provisioning Templates > BGP Templates.
  2. Double-click the *_HUB1_BGP or *_HUB2_BGP template to open it for editing.
  3. Under Neighbors, click Create New Neighbor.
  4. Set the following options:
    1. Set IP and Remote AS to the numbers obtained from the Azure portal for the vWAN hub.
    2. Set Interface to port2.
    3. Under Advanced Options set ebgp-enforce-multihop to ON.

    4. Click OK to save the changes.
  5. Repeat this procedure for both neighbor IP addresses on both HUBs.