Creating a resource group |
An Azure resource group is a container that holds related resources for an Azure solution.
Go to Azure Portal > Resource groups > Access control (IAM) > Role assignments. Verify the administrator has the minimum role assignments for this resource group:
- Owner, scope = this resource
If you need to launch local custom VM clones, Access control should grant the administrator these role assignments:
- Virtual Machine Contributor, scope = this resource
- API Management Service Contributor, scope = this resource
|
Creating network security groups |
Go to Azure Portal > Network security groups.
- Verify a security group is available for FortiSandbox firmware (Port1).
- Verify the Resource group and the Region are the ones you created.
- Optional: Verify a security group is available for Port2 if local custom VM clones are used.
|
Creating virtual networks and one default subnet |
- Go to Azure Portal > Virtual networks. Ensure the Resource group and the Region are the ones you created.
- Go to Azure Portal > Virtual networks. Select the Virtual network created. Under Subnets, ensure the default first subnet is for FortiSandbox firmware (Port1) and is associated with the security group for FortiSandbox Port1.
|
Optional: Creating multiple subnets in the virtual network |
- Verify the second subnet is available for FortiSandbox custom VM (Port2). The third subnet is available for FortiSandbox HA-Cluster mode (Port3).
- Go to Azure Portal > Virtual networks. Select the ‘Virtual network’ you created. Under Subnets, ensure the different subnets are associated with different network security groups if needed.
|
Creating two storage accounts |
Go to Azure Portal > Storage accounts.
- The first storage account is for storing FortiSandbox images. The second storage account is for debugging.
- Ensure the Resource group and the Region are the ones you created and the Redundancy is Geo-Redundant Storage (GRS).
|
Optional: Creating multiple FSA network interfaces |
Go to Azure Portal > Network interfaces.
- Ensure the different network interfaces for FortiSandbox are deployed in different subnets and associated with different security groups if needed.
|
Optional: Setting up App registrations for the client id option of Azure Config on FortiSandbox GUI |
- Go to Azure Portal > App registrations > App roles. Ensure the App roles allowed member types are Both (Users/Groups + Applications).
- Go to Azure Portal > App registrations > Certificates & secrets > Client secret. Ensure the Expires value is still valid.
- Go to Azure Portal > App registrations > API permissions. Ensure the minimum API permissions are as follows:
  - Azure Service Management: Delegated, Granted for FortiSandbox
  - Azure Storage: Delegated, Granted for FortiSandbox
  - Microsoft Graph: Files.ReadWrite, User.Read
  - App roles: The App roles you created, Granted for FortiSandbox
|
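The role-assignment check from the resource group step can also be run against exported data. The following is an added example, not part of the Fortinet documentation: it assumes JSON in the shape produced by `az role assignment list --resource-group <name> --include-inherited --output json` (fields `principalName`, `roleDefinitionName`, `scope`). The subscription ID, resource group name, principal names, and the function name are constructed placeholders.

```python
import json

# Roles the checklist above requires, each with "scope = this resource".
BASE_ROLES = {"Owner"}
CLONE_ROLES = {"Virtual Machine Contributor", "API Management Service Contributor"}

# Constructed sample data; subscription ID, group and principal names are placeholders.
RG_SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fsa-rg"
SAMPLE = json.loads("""[
 {"principalName": "fsa-admin@example.com", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/FSA-RG"},
 {"principalName": "fsa-admin@example.com", "roleDefinitionName": "Virtual Machine Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "other@example.com", "roleDefinitionName": "API Management Service Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/fsa-rg"}
]""")


def audit_role_assignments(assignments, principal, rg_scope, custom_vm_clones=False):
    """Compare one principal's assignments with the checklist's minimum roles."""
    required = BASE_ROLES | (CLONE_ROLES if custom_vm_clones else set())
    # Azure resource IDs are case-insensitive, so compare them lower-cased.
    rg = rg_scope.rstrip("/").lower()
    at_rg, other_scope = set(), []
    for a in assignments:
        if a.get("principalName", "").lower() != principal.lower():
            continue
        role, scope = a["roleDefinitionName"], a["scope"]
        if scope.rstrip("/").lower() == rg:
            at_rg.add(role)
        elif role in required:
            # Held at another scope (for example the whole subscription),
            # which is not "scope = this resource".
            other_scope.append((role, scope))
    return {"missing": sorted(required - at_rg), "other_scope": sorted(other_scope)}


if __name__ == "__main__":
    print(audit_role_assignments(SAMPLE, "fsa-admin@example.com", RG_SCOPE, True))
```

A role listed under `other_scope` is granted more broadly than the checklist asks for and should be reassigned at the resource group.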