Deploying a standalone FortiWeb-VM

This section introduces how to create a single FortiWeb Virtual Machine from Azure Marketplace.

  1. In the Microsoft Azure Dashboard, select Marketplace.
  2. Search for FortiWeb, then select Fortinet FortiWeb Web Application Firewall (WAF) in the results. Select Single VM.
  3. Click Create.
  4. Complete the basic settings. Select FortiWeb BYOL or PAYG according to your own needs. It's recommended to deploy the latest version of FortiWeb.
    Take note of the FortiWeb administrative username and password you have set. You will use them to access the FortiWeb GUI and CLI in the following steps.
  5. Under Instance Type, select the virtual machine size that is appropriate for your license. To ensure high performance, it's recommended to choose a VM type with at least two vCPUs and a memory size larger than 8 GB. For more information, see Licensing.
  6. Under Network Settings and Instance Type, select a virtual network or create a new one. Then, configure the subnets.
    If you select an existing virtual network, ensure that it has at least two subnets for FortiWeb to route between: an "outside" or public subnet that provides access to the Internet and a private subnet where one or more servers that FortiWeb protects are located.
    In a typical deployment, because the “outside” or public subnet simply connects the FortiWeb outgoing interface to the Azure Public Load Balancer, the subnet can be small.
  7. Configure Public IP settings.
    • Static – Azure preserves the public IP address after state changes such as restart and shutdown.
    • Dynamic – Azure assigns a new public IP address after state changes such as restart and shutdown.
  8. Click Review + Create to review your deployment configuration.
  9. Click Create.
  10. Wait for Azure to complete the deployment.
    In most cases, deployment takes about 20 minutes, but the amount of time varies depending on your location and the number of resources you requested.
  11. By default, the pre-set configurations create inbound port rules for ports 22, 80, 443, 8080, 8443, and 514 to allow web traffic to flow in.
    If you want to allow inbound traffic on more ports, go to the Networking pane of this instance, select the network interface of the public-facing subnet, and click Add inbound port rule to create inbound port rules for the desired port numbers.
  12. To view your DNS name (dynamic IP) or public IP address (static IP), click Overview of the instance. Find the public IP address under Properties.
  13. Take note of the DNS name or public IP address, and use it to access the web UI in a web browser or the CLI using an SSH connection. See Connecting to FortiWeb’s web UI & CLI.

When you deploy the FortiWeb-VM package, network adapters are created automatically. If you want to delete network adapters, do it during the deployment process. Deleting network adapters after FortiWeb is deployed is not recommended; otherwise, unexpected errors will occur.
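
As an added example (not part of Fortinet's documentation), the following Python script reviews an exported list of network security group rules against the default inbound ports named in step 11. The JSON sample is constructed, and treating ports 22, 8080, and 8443 as administrative ports is an assumption.

```python
import json

# Default inbound ports listed in step 11 of this page.
DEFAULT_PORTS = {22, 80, 443, 8080, 8443, 514}
# Assumption (not stated on the page): 22 is SSH, 8080/8443 the admin web UI.
ADMIN_PORTS = {22, 8080, 8443}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}

# Constructed sample in the shape of `az network nsg rule list -o json`.
SAMPLE_RULES = json.loads("""[
 {"name": "ssh", "direction": "Inbound", "access": "Allow", "priority": 100,
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "gui", "direction": "Inbound", "access": "Allow", "priority": 120,
  "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "8443"},
 {"name": "extra", "direction": "Inbound", "access": "Allow", "priority": 130,
  "sourceAddressPrefix": "*", "destinationPortRanges": ["9000-9002"]},
 {"name": "deny-syslog", "direction": "Inbound", "access": "Deny",
  "priority": 140, "sourceAddressPrefix": "*", "destinationPortRange": "514"}
]""")

def expand_ports(rule):
    """Return the set of destination ports a rule covers ('*' means all)."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    ports = set()
    for spec in specs:
        if spec == "*":
            return set(range(65536))
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Flag Allow rules one by one; shadowing by Deny rules is not modelled."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        srcs = list(rule.get("sourceAddressPrefixes") or [])
        srcs.append(rule.get("sourceAddressPrefix") or "")
        ports = expand_ports(rule)
        if ports - DEFAULT_PORTS:  # port beyond the marketplace defaults
            findings.append((rule["name"], "non-default-port", sorted(ports - DEFAULT_PORTS)))
        if ports & ADMIN_PORTS and any(s.lower() in ANY_SOURCE for s in srcs):
            findings.append((rule["name"], "admin-open-to-any", sorted(ports & ADMIN_PORTS)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Each finding is a tuple of rule name, finding type, and the affected ports, so the output can be compared against the rules you intended to add in step 11.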

According to Azure, it's recommended to set the MTU to 1,400. Run the following commands in FortiWeb:

    config system interface
    edit interface <index>
    set mtu 1400
    end
    end

For more information, see https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-tcpip-performance-tuning.
