Fortinet deployment overview
This deployment guide describes the provisioning steps required to:
- Use Azure Marketplace to create a virtual WAN (vWAN).
- Use Azure Marketplace to create a virtual WAN hub.
- Use Azure Marketplace to deploy FortiGate network virtual appliances (NVAs) into the vWAN hub.
- Use the Azure portal to configure virtual network (VNET) peering to your VNETs.
- Use FortiManager to authorize the deployed FortiGate NVAs for management.
- Use FortiManager to license and configure the FortiGate NVAs .
- Use FortiManager to configure the FortiGate NVAs as SD-WAN hubs and branch FortiGates as SD-WAN spokes.
Following is an example of a fully deployed vWAN architecture:
In this topology, FortiGate NVAs are deployed into the vWAN Hub. The size of the VMs is determined by the scale units. (See Order types in vWAN.) The FortiGates must be managed by FortiManager because no management access (HTTP/HTTPS/SSH) is allowed to the FortiGates. FortiManager can be hosted on any cloud platform or on premise. Finally, the FortiGate NVAs form FGSP peering to share session information.
Diving into the SD-WAN configuration, the FortiGate NVAs act as the hub, while the branch FortiGates act as the spokes. Each FortiGate has dual WAN for overlay connections.
For more information, see Multiple Datacenters for Enterprise (primary/secondary).