Azure FortiGate-VM vWAN NVA support for PAYG metered billing 7.4.4
Azure virtual WAN (vWAN) network virtual appliance (NVA) deployments support the FGT_VM64_AZURE pay as you go (PAYG) licensing model.
To deploy a PAYG FortiGate-VM for Azure vWAN NVA deployment:
- Configure the required resources in Azure:
- In the Azure CLI, run the following to create a resource group, vWAN, and hub:
  ```
  az account set --subscription BYOL-DevOps
  LOC="westcentralus"
  RG="6899_PMDB26235_vWAN_PAYG"
  VWAN="ALPHA"
  VHUB="PAYG"
  CIDR="172.31.0.0/24"
  az group create --name $RG --location $LOC
  az network vwan create --resource-group $RG --name $VWAN
  az network vhub create --resource-group $RG --vwan $VWAN --name $VHUB --address-prefix $CIDR
  ```

  ```
  {
    "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG",
    "location": "westcentralus",
    "managedBy": null,
    "name": "vWAN_PAYG",
    "properties": {
      "provisioningState": "Succeeded"
    },
    "tags": {
      "CreatedOnDate": "2024-04-08T21:23:43.4609191Z"
    },
    "type": "Microsoft.Resources/resourceGroups"
  }
  {
    "allowBranchToBranchTraffic": true,
    "allowVnetToVnetTraffic": null,
    "disableVpnEncryption": false,
    "etag": "W/\"abcdefg\"",
    "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Network/virtualWans/ALPHA",
    "location": "westcentralus",
    "name": "ALPHA",
    "office365LocalBreakoutCategory": "None",
    "provisioningState": "Succeeded",
    "resourceGroup": "vWAN_PAYG",
    "tags": null,
    "type": "Microsoft.Network/virtualWans",
    "typePropertiesType": "Standard",
    "virtualHubs": null,
    "vpnSites": null
  }
  {
    "addressPrefix": "172.31.0.0/24",
    "allowBranchToBranchTraffic": false,
    "etag": "W/\"abcdefg\"",
    "hubRoutingPreference": "ExpressRoute",
    "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Network/virtualHubs/PAYG",
    "location": "westcentralus",
    "name": "PAYG",
    "provisioningState": "Succeeded",
    "resourceGroup": "vWAN_PAYG",
    "routeTable": {
      "routes": []
    },
    "routingState": "Provisioning",
    "type": "Microsoft.Network/virtualHubs",
    "virtualHubRouteTableV2s": [],
    "virtualRouterAsn": 65515,
    "virtualRouterAutoScaleConfiguration": {
      "minCapacity": 2
    },
    "virtualRouterIps": [],
    "virtualWan": {
      "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Network/virtualWans/ALPHA",
      "resourceGroup": "vWAN_PAYG"
    }
  }
  packet@ubuntu:~/tmp$
  packet@ubuntu:~/tmp$ az network vhub show -g $RG -n $VHUB
  {
    "addressPrefix": "172.31.0.0/24",
    "allowBranchToBranchTraffic": false,
    "etag": "W/\"abcdefg\"",
    "hubRoutingPreference": "ExpressRoute",
    "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Network/virtualHubs/PAYG",
    "location": "westcentralus",
    "name": "PAYG",
    "provisioningState": "Succeeded",
    "resourceGroup": "vWAN_PAYG",
    "routeTable": {
      "routes": []
    },
    "routingState": "Provisioned",
    "type": "Microsoft.Network/virtualHubs",
    "virtualHubRouteTableV2s": [],
    "virtualRouterAsn": 65515,
    "virtualRouterAutoScaleConfiguration": {
      "minCapacity": 2
    },
    "virtualRouterIps": [
      "172.31.0.69",
      "172.31.0.68"
    ],
    "virtualWan": {
      "id": "/subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Network/virtualWans/ALPHA",
      "resourceGroup": "vWAN_PAYG"
    }
  }
  packet@ubuntu:~/tmp$
  ```
- Azure takes up to 30 minutes to provision the required resources for vWAN and the virtual hub. Azure creates the routers and updates their firmware. Once Hub status displays as Succeeded, Router Version displays as Latest, and Routing status displays as Provisioned, go to the Azure portal to provision FGT_VM64_AZURE PAYG as an NVA.
- Create a FortiGate-managed application for vWAN:
- From the FortiGate Image SKU dropdown list, select Pay As you Go (PAYG).
- From the Fortigate Image Version dropdown list, select latest. Configure other fields as desired, then click Next.
- From the Virtual WAN Hub dropdown list, select the vWAN hub that you created earlier. Configure other fields as desired, then click Next.
- The external load balancer public IP SKU is standard and unavailable for customization. Click Next.
- If desired, create tags. Click Next.
- Agree to the terms and conditions, then click Create.
- Deployment takes 10-15 minutes. Connect to the FGT_VM64_AZURE PAYG instances using the IP addresses in the Public IP Address column for each hub and the FortiGate administrative username and FortiGate password that you configured.
- Configure static routes and verify that BGP neighbors are established between the FGT_VM64_AZURE PAYG instances and Azure vWAN routers:
  ```
  config router static
      edit 1
          set gateway 172.31.0.241
          set device "port1"
      next
      edit 68
          set dst 172.31.0.68/32
          set gateway 172.31.0.225
          set device "port2"
      next
      edit 69
          set dst 172.31.0.69/32
          set gateway 172.31.0.225
          set device "port2"
      next
  end
  ```

  ```
  fg-sdfw-cgixxtfyreom~000 (Interim)# get router info bgp neighbors | grep "BGP neighbor" -A4
  BGP neighbor is 172.31.0.68, remote AS 65515, local AS 64512, external link
    BGP version 4, remote router ID 172.31.0.68
    BGP state = Established, up for 1d02h26m
    Last read 00:00:01, hold time is 180, keepalive interval is 60 seconds
    Configured hold time is 180, keepalive interval is 60 seconds
  --
   External BGP neighbor may be up to 255 hops away.
  Local host: 172.31.0.230, Local port: 179
  Foreign host: 172.31.0.68, Foreign port: 58626
  Egress interface: 5
  Nexthop: 172.31.0.230
  --
  BGP neighbor is 172.31.0.69, remote AS 65515, local AS 64512, external link
    BGP version 4, remote router ID 172.31.0.69
    BGP state = Established, up for 1d02h26m
    Last read 00:00:20, hold time is 180, keepalive interval is 60 seconds
    Configured hold time is 180, keepalive interval is 60 seconds
  --
   External BGP neighbor may be up to 255 hops away.
  Local host: 172.31.0.230, Local port: 179
  Foreign host: 172.31.0.69, Foreign port: 58252
  Egress interface: 5
  Nexthop: 172.31.0.230

  fg-sdfw-cgixxtfyreom~000 (Interim)#
  fg-sdfw-cgixxtfyreom~000 (Interim)# get router info routing-table all
  Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
         O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         V - BGP VPNv4
         * - candidate default

  Routing table for VRF=0
  S*      0.0.0.0/0 [5/0] via 172.31.0.241, port1, [1/0]
  S       168.63.129.16/32 [5/0] via 172.31.0.241, port1, [1/0]
  S       169.254.169.254/32 [5/0] via 172.31.0.241, port1, [1/0]
  B       172.31.0.0/24 [20/0] via 172.31.0.68 (recursive via 172.31.0.225, port2), 1d02h25m, [1/0]
                        [20/0] via 172.31.0.69 (recursive via 172.31.0.225, port2), 1d02h25m, [1/0]
  S       172.31.0.68/32 [10/0] via 172.31.0.225, port2, [1/0]
  S       172.31.0.69/32 [10/0] via 172.31.0.225, port2, [1/0]
  C       172.31.0.224/28 is directly connected, port2
  C       172.31.0.240/28 is directly connected, port1
  B       172.31.1.0/24 [20/0] via 172.31.0.68 (recursive via 172.31.0.225, port2), 1d02h25m, [1/0]
                        [20/0] via 172.31.0.69 (recursive via 172.31.0.225, port2), 1d02h25m, [1/0]

  fg-sdfw-cgixxtfyreom~000 (Interim)#
  ```
- Verify vwan-payg-billing status and usage on the FGT_VM64_AZURE PAYG instances:

  ```
  fg-sdfw-cgixxtfyreom~000 (Interim)# get system status
  Version: FortiGate-VM64-AZURE v7.4.4,build4691,240329 (interim)
  First GA patch build date: 230509
  Security Level: 0
  Firmware Signature: not-certified
  Virus-DB: 1.00000(2018-04-09 18:07)
  Extended DB: 1.00000(2018-04-09 18:07)
  Extreme DB: 1.00000(2018-04-09 18:07)
  AV AI/ML Model: 0.00000(2001-01-01 00:00)
  IPS-DB: 6.00741(2015-12-01 02:30)
  IPS-ETDB: 6.00741(2015-12-01 02:30)
  APP-DB: 6.00741(2015-12-01 02:30)
  Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
  Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
  Proxy-APP-DB: 6.00741(2015-12-01 02:30)
  FMWP-DB: 0.00000(2001-01-01 00:00)
  IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
  IoT-Detect: 0.00000(2022-08-17 17:31)
  OT-Detect-DB: 0.00000(2001-01-01 00:00)
  OT-Patch-DB: 0.00000(2001-01-01 00:00)
  OT-Threat-DB: 6.00741(2015-12-01 02:30)
  IPS-Engine: 7.00527(2024-01-24 23:27)
  Serial-Number: FGTAZRL12345
  License Status: Valid
  VM Resources: 2 CPU, 6971 MB RAM
  Azure NVA: fg-sdfw-cgixxtfyreomy, Group ID = <group ID>
  Azure NVA PAYG Billing: Valid
  Log hard disk: Not available
  Hostname: fg-sdfw-cgixxtfyreomy000000
  Private Encryption: Disable
  Operation Mode: NAT
  Current virtual domain: root
  Max number of virtual domains: 2
  Virtual domains status: 1 in NAT mode, 0 in TP mode
  Virtual domain configuration: disable
  FIPS-CC mode: disable
  Current HA mode: standalone
  Branch point: 2639
  Release Version Information: interim
  FortiOS x86-64: Yes
  System time: Wed Apr 10 13:12:42 2024
  Last reboot reason: warm reboot

  fg-sdfw-cgixxtfyreom~000 (Interim)#
  fg-sdfw-cgixxtfyreom~000 (Interim)# execute azure vwan-payg-billing status
  NVA metering state:
  last billing time: Wed Apr 10 12:02:33 2024
  billing dimension: cpucore2
  billing backlog: 0
  traffic limited: No

  fg-sdfw-cgixxtfyreom~000 (Interim)# execute azure vwan-payg-billing usage
  offerId: fortigate_vwan_nva-beta
  planId: mgdfgthybrid-beta
  usageResourceId: /subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Solutions/applications/managedApp

  billingDimension: 1_cpucore2
  -----------------------------
  Usage Date:                2024-04-10  2024-04-09  2024-04-08
  Recon Status:              Submitted   Submitted   Submitted
  submitted Count/Quantity:  20/20       24/24       2/2
  processed Quantity:        0           0           0

  billingDimension: cpucore2 (current instance)
  -----------------------------
  Usage Date:                2024-04-10  2024-04-09  2024-04-08
  Recon Status:              Submitted   Submitted   Submitted
  submitted Count/Quantity:  20/20       24/24       2/2
  processed Quantity:        0           0           0

  fg-sdfw-cgixxtfyreom~000 (Interim)#
  ```

  ```
  fg-sdfw-cgixxtfyreom~001 (Interim)# get system status
  Version: FortiGate-VM64-AZURE v7.4.4,build4691,240329 (interim)
  First GA patch build date: 230509
  Security Level: 0
  Firmware Signature: not-certified
  Virus-DB: 1.00000(2018-04-09 18:07)
  Extended DB: 1.00000(2018-04-09 18:07)
  Extreme DB: 1.00000(2018-04-09 18:07)
  AV AI/ML Model: 0.00000(2001-01-01 00:00)
  IPS-DB: 6.00741(2015-12-01 02:30)
  IPS-ETDB: 6.00741(2015-12-01 02:30)
  APP-DB: 6.00741(2015-12-01 02:30)
  Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
  Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
  Proxy-APP-DB: 6.00741(2015-12-01 02:30)
  FMWP-DB: 0.00000(2001-01-01 00:00)
  IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
  IoT-Detect: 0.00000(2022-08-17 17:31)
  OT-Detect-DB: 0.00000(2001-01-01 00:00)
  OT-Patch-DB: 0.00000(2001-01-01 00:00)
  OT-Threat-DB: 6.00741(2015-12-01 02:30)
  IPS-Engine: 7.00527(2024-01-24 23:27)
  Serial-Number: FGTAZR67890
  License Status: Valid
  VM Resources: 2 CPU, 6971 MB RAM
  Azure NVA: fg-sdfw-cgixxtfyreomy, Group ID = <group ID>
  Azure NVA PAYG Billing: Valid
  Log hard disk: Not available
  Hostname: fg-sdfw-cgixxtfyreomy000001
  Private Encryption: Disable
  Operation Mode: NAT
  Current virtual domain: root
  Max number of virtual domains: 2
  Virtual domains status: 1 in NAT mode, 0 in TP mode
  Virtual domain configuration: disable
  FIPS-CC mode: disable
  Current HA mode: standalone
  Branch point: 2639
  Release Version Information: interim
  FortiOS x86-64: Yes
  System time: Wed Apr 10 13:17:06 2024
  Last reboot reason: warm reboot

  fg-sdfw-cgixxtfyreom~001 (Interim)#
  fg-sdfw-cgixxtfyreom~001 (Interim)# execute azure vwan-payg-billing status
  NVA metering state:
  last billing time: Wed Apr 10 12:02:35 2024
  billing dimension: 1_cpucore2
  billing backlog: 0
  traffic limited: No

  fg-sdfw-cgixxtfyreom~001 (Interim)# execute azure vwan-payg-billing usage
  offerId: fortigate_vwan_nva-beta
  planId: mgdfgthybrid-beta
  usageResourceId: /subscriptions/<subscription ID>/resourceGroups/vWAN_PAYG/providers/Microsoft.Solutions/applications/managedApp

  billingDimension: 1_cpucore2 (current instance)
  -----------------------------
  Usage Date:                2024-04-10  2024-04-09  2024-04-08
  Recon Status:              Submitted   Submitted   Submitted
  submitted Count/Quantity:  20/20       24/24       2/2
  processed Quantity:        0           0           0

  billingDimension: cpucore2
  -----------------------------
  Usage Date:                2024-04-10  2024-04-09  2024-04-08
  Recon Status:              Submitted   Submitted   Submitted
  submitted Count/Quantity:  20/20       24/24       2/2
  processed Quantity:        0           0           0

  fg-sdfw-cgixxtfyreom~001 (Interim)#
  ```
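
The checks in the last two steps can be scripted. The following Python is an added example, not part of the Fortinet procedure: it cross-checks the hub's `virtualRouterIps` and `virtualRouterAsn` from `az network vhub show` against the FortiGate BGP neighbor output and reads the billing status fields. The function names are hypothetical, the sample input is constructed from the output above (with one neighbor changed to Idle), and treating any `traffic limited` value other than No or a non-zero `billing backlog` as a finding is an assumption.

```python
import re

def bgp_sessions(text):
    """Map neighbor IP -> (remote AS, state) from 'get router info bgp neighbors'."""
    sessions = {}
    # Each neighbor section starts with "BGP neighbor is <ip>, remote AS <asn>".
    for block in re.split(r"(?m)^(?=BGP neighbor is )", text):
        head = re.match(r"BGP neighbor is (\S+), remote AS (\d+)", block)
        state = re.search(r"BGP state = (\w+)", block)
        if head:
            sessions[head.group(1)] = (int(head.group(2)),
                                       state.group(1) if state else "Unknown")
    return sessions

def billing_fields(text):
    """Collect 'key: value' lines from 'execute azure vwan-payg-billing status'."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def verify(hub, bgp_text, billing_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if (hub.get("provisioningState") != "Succeeded"
            or hub.get("routingState") != "Provisioned"):
        findings.append("hub not ready: routingState=%s" % hub.get("routingState"))
    sessions = bgp_sessions(bgp_text)
    for ip in hub.get("virtualRouterIps", []):
        asn, state = sessions.get(ip, (None, "Missing"))
        if state != "Established" or asn != hub.get("virtualRouterAsn"):
            findings.append("BGP to %s: state=%s remote AS=%s" % (ip, state, asn))
    billing = billing_fields(billing_text)
    # Assumption: anything other than "No" / "0" in these fields deserves a look.
    for field, healthy in (("traffic limited", "No"), ("billing backlog", "0")):
        if billing.get(field) != healthy:
            findings.append("%s: %s" % (field, billing.get(field)))
    return findings

# Constructed sample, trimmed from the output above; second neighbor set to Idle.
HUB = {"provisioningState": "Succeeded", "routingState": "Provisioned",
       "virtualRouterAsn": 65515, "virtualRouterIps": ["172.31.0.69", "172.31.0.68"]}
BGP = """BGP neighbor is 172.31.0.68, remote AS 65515, local AS 64512, external link
  BGP state = Established, up for 1d02h26m
--
BGP neighbor is 172.31.0.69, remote AS 65515, local AS 64512, external link
  BGP state = Idle
"""
BILLING = "billing dimension: cpucore2\nbilling backlog: 0\ntraffic limited: No\n"
if __name__ == "__main__":
    print("\n".join(verify(HUB, BGP, BILLING)))
```

In practice the hub dictionary would come from `json.loads` on the `az network vhub show` output, and the two text inputs from the FortiGate CLI session.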