Fortinet black logo

Cloud Deployment Guide (Azure)

Home FortiProxy Public Cloud 7.0.0 Cloud Deployment Guide (Azure)

Overview

7.0.0
7.4.0
7.2.0
7.0.0
Copy Link
Copy Doc ID cd39fb1d-e0fb-11ec-bb32-fa163e15d75b:20209
Download PDF

Overview

FortiProxy is available for deployment on Microsoft Azure, which is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. FortiProxy for Azure supports single VM deployment and active/passive high availability (HA) configuration. HA enables configuration synchronization and failover management between the primary and secondary FortiProxy instances. When the FortiProxy detects a failure, the passive FortiProxy instance becomes active.

Azure services and components

FortiProxy-VM for Azure is a Linux VM instance. The following table lists Azure services and components required to be understood when deploying FortiProxy-VM. All services and components listed relate to ordinary FortiProxy-VM single instance deployment or FortiProxy-native active-passive HA deployment.

Service/component Description

Azure Virtual Network (VNet)

This is where the FortiProxy-VM and protected VMs are situated and users control the network. When you deploy Proxy-VM, you can configure relevant network settings.

VM

FortiProxy-VM for Azure is a customized Linux VM instance.

Subnets, route tables

You must appropriately configure the FortiProxy-VM with subnets and route tables to handle traffic.

When deploying from the marketplace launcher, there are two subnets for the FortiProxy-VM labeled PublicFacingSubnet and InsideSubnet by default.

Resource group

A group of resources where the FortiProxy-VM is deployed.

Availability Set

An availability set is a logical grouping capability that you can use in Azure to ensure that the VM resources you place within it are isolated from each other when they are deployed within an Azure datacenter. Usually a set intends to accommodate multiple VMs.

Public DNS IP address

You must allocate at least one public IP address to the FortiProxy-VM to access and manage it over the Internet.

Security groups

Unlike AWS, you cannot configure Azure security groups at the time of FortiProxy-VM deployment. All traffic is allowed inbound to, or outbound from, the subnet, or network interface by default. See Default security rules.

VHD

A special type of deployable image used for Azure. As long as you deploy FortiProxy-VM from the marketplace launcher, you do not need VHD files. However, you can launch FortiProxy-VM (BYOL) directly from the FortiProxy-VM VHD image file instead of using the marketplace. Ask azuresales@fortinet.com to find out where you can obtain the VHD images if needed.

Load Balancer

A network LB automatically distributes traffic across multiple FortiProxy-VM instances when configured properly. Topologies differ depending on how you distribute incoming and outgoing traffic.
Previous
Next

Overview

FortiProxy is available for deployment on Microsoft Azure, which is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. FortiProxy for Azure supports single VM deployment and active/passive high availability (HA) configuration. HA enables configuration synchronization and failover management between the primary and secondary FortiProxy instances. When the FortiProxy detects a failure, the passive FortiProxy instance becomes active.

Azure services and components

FortiProxy-VM for Azure is a Linux VM instance. The following table lists Azure services and components required to be understood when deploying FortiProxy-VM. All services and components listed relate to ordinary FortiProxy-VM single instance deployment or FortiProxy-native active-passive HA deployment.

Service/component Description

Azure Virtual Network (VNet)

This is where the FortiProxy-VM and protected VMs are situated and users control the network. When you deploy Proxy-VM, you can configure relevant network settings.

VM

FortiProxy-VM for Azure is a customized Linux VM instance.

Subnets, route tables

You must appropriately configure the FortiProxy-VM with subnets and route tables to handle traffic.

When deploying from the marketplace launcher, there are two subnets for the FortiProxy-VM labeled PublicFacingSubnet and InsideSubnet by default.

Resource group

A group of resources where the FortiProxy-VM is deployed.

Availability Set

An availability set is a logical grouping capability that you can use in Azure to ensure that the VM resources you place within it are isolated from each other when they are deployed within an Azure datacenter. Usually a set intends to accommodate multiple VMs.

Public DNS IP address

You must allocate at least one public IP address to the FortiProxy-VM to access and manage it over the Internet.

Security groups

Unlike AWS, you cannot configure Azure security groups at the time of FortiProxy-VM deployment. All traffic is allowed inbound to, or outbound from, the subnet, or network interface by default. See Default security rules.

VHD

A special type of deployable image used for Azure. As long as you deploy FortiProxy-VM from the marketplace launcher, you do not need VHD files. However, you can launch FortiProxy-VM (BYOL) directly from the FortiProxy-VM VHD image file instead of using the marketplace. Ask azuresales@fortinet.com to find out where you can obtain the VHD images if needed.

Load Balancer

A network LB automatically distributes traffic across multiple FortiProxy-VM instances when configured properly. Topologies differ depending on how you distribute incoming and outgoing traffic.
Previous
Next