Deploying FortiWeb-VM from ARM template

This section describes how to create a FortiWeb virtual machine from an ARM template. FortiWeb-VM on Azure supports the cloud-init feature. You can add CLI commands in the ARM template to deploy a FortiWeb-VM with preset configurations. Refer to the description of Usr CLI Uri for how to prepare the SAS URL for the configuration file.

  1. In the Microsoft Azure Dashboard, click All services, type template specs in the search box, then click template specs in the search results.
  2. Click Create template spec.
  3. Enter a name for the template, and describe it briefly. Click Next:Edit Template.
  4. Delete the default provided template content.
  5. Click this link and save the file to a local directory: azure_bootstrap.json. Copy the text in this file, then paste it here. Click Review + Create.
  6. Click Create.
  7. In the template list, click the template you just added.
  8. Click Deploy.
  9. In BASICS settings, select the desired options for Subscription, Resource group, and Location.
  10. In SETTINGS, refer to the following table to configure the settings.
    Parameter name

    Description

    Vm Name Prefix

    Specify a prefix for the FortiWeb-VM instance names.

    Vm Sku

    Specify the FortiWeb-VM instance types. To ensure high performance, it's recommended to deploy a VM instance with at least 2 vCPUs and 8 GB memory.

    If you are using the BYOL licensing type, specify an instance type that matches your FortiWeb-VM license. For example, if your FortiWeb-VM license supports 4 vCPUs, you can choose from the instance types that have 4 vCPUs.

    The recommended instance types include:

    • Standard_F2s_v2
    • Standard_F4s_v2
    • Standard_F8s_v2

    Admin User Name

    Enter an administrator username for the FortiWeb instances. The username cannot be "admin" or "root".

    Admin Password

    Enter a password for the administrator account if you have chosen password for Authentication Type.

    The Azure password policy requires the password to meet at least 3 out of the 4 conditions:

    • Has lower characters
    • Has upper characters
    • Has a digit
    • Has a special character (Regex match [\W_])

    VM Pub IP New Or Existing

    Select new or existing to specify whether to use an existing public IP or create a new public IP for FortiWeb-VM.
    If you have selected new in Vnet New or Existing, it's not necessary to specify the parameter VM Pub IP RG, because the new public IP is by default created in the resource group you have specified in BASICS settings.

    VM Pub IP Name

    Enter the name of the existing public IP or a name for the new public IP.

    VM Pub IP Type

    Select the type of the public IP address.

    VM Pub IP Sku

    Select Basic or Standard. For the definition of the different SKUs, see this Azure article.

    VM Pub IP RG

    If you have selected existing public IP, specify the resource group to which the public IP belongs.

    Vnet New or Existing

    Select whether to use a new or existing virtual network.

    If you have selected new in Vnet New or Existing, it's not necessary to specify the next parameter Virtual Net Resource Group, because the new virtual network is by default created in the resource group you have specified in BASICS settings.

    Virtual Net Resource Group

    If you have selected existing virtual network, specify the resource group to which the virtual network belongs.

    Virtual Net Name

    Specify a name for the new virtual network, or enter the name of the existing virtual network.

    Vnet Address Prefix

    Specify the virtual network address prefix. For example, 10.10.0.0/16.

    Subnet1Name

    Specify a name for the public facing subnet.

    Subnet1Prefix

    Specify the prefix of the public facing subnet. For example, 10.10.0.0/24.

    Subnet2Name

    Specify a name for the private subnet.

    Subnet2Prefix

    Specify the prefix of the private subnet. For example, 10.10.1.0/24.

    Usr CLI

    Enter FortiWeb CLI commands to pre-set the VM. Separate each command line with \n.

    For example, enter the following:

    config system global\n set timezone 02\n end\n config log disk\n set severity notification\n end

    The above commands will set FortiWeb to use timezone 02 and record logs with a severity of notification or higher.

    If you want to run a large number of CLI commands, it's more convenient to use Usr CLI Uri, where you can save the commands in a file and reference this file in Usr CLI Uri.

    Flex VM

    Enter the Flex VM token. When the FortiWeb-VM boots up for the first time, a license file will be fetched if the token validation can be passed. This option is supported since 7.2.0.

    For more information on Flex VM, see "Flex VM" in Licensing.

    Usr CLI Uri

    In addition to Usr CLI, you can also use Usr CLI Uri to run FortiWeb CLI commands during deployment.

    1. Save the FortiWeb CLI commands in a .txt file.
    2. Upload the file to Azure blob in a private container.
    3. Generate a SAS token and URL.
    4. Paste the URL here in Usr CLI Uri.

    The commands in the file will be executed when FortiWeb-VM is deployed.

    The following is an example of the command file:

    For more information about Azure Blob, see topics under Blob Storage on Azure.

    For more information about FortiWeb CLI commands, refer to FortiWeb CLI Reference.

    Usr License Uri

    If you want to deploy a BYOL type of FortiWeb-VM, you can upload the license file to Azure blob, and paste the SAS URL here. The steps are the same as those for creating the SAS URL for the command file in Usr CLI Uri.

    Or, you can skip this parameter and upload the license file through FortiWeb's GUI after the deployment. Refer to Uploading license.

  11. If you plan to create more FortiWeb-VMs with the same or similar settings, it's recommended to download a template containing the above settings by clicking Edit parameters > Download.
    The next time you deploy an HA group, you can use Load file to upload the settings with one click.
  12. Click Create.
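
The constraints stated in the SETTINGS table can be checked before clicking Create. The following is an added example, not part of the Fortinet template or documentation: the dictionary keys reuse the parameter display names from the table, the sample values are constructed, and the literal `\n ` separator follows the Usr CLI example shown above.

```python
import ipaddress
import re

# One pattern per condition in the password policy quoted in the table.
PASSWORD_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[\W_]")

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "Admin User Name": "fwbadmin",
    "Admin Password": "Example-Passw0rd",
    "Vnet Address Prefix": "10.10.0.0/16",
    "Subnet1Prefix": "10.10.0.0/24",
    "Subnet2Prefix": "10.10.1.0/24",
}


def check_parameters(p):
    """Return a list of problems found in a dict of SETTINGS values."""
    problems = []
    if p["Admin User Name"].lower() in ("admin", "root"):
        problems.append("Admin User Name cannot be admin or root")
    met = sum(bool(re.search(c, p["Admin Password"])) for c in PASSWORD_CLASSES)
    if met < 3:
        problems.append(f"Admin Password meets {met} of 4 conditions, needs 3")
    vnet = ipaddress.ip_network(p["Vnet Address Prefix"])
    names = ("Subnet1Prefix", "Subnet2Prefix")
    subnets = [ipaddress.ip_network(p[n]) for n in names]
    for name, net in zip(names, subnets):
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside {vnet}")
    if subnets[0].overlaps(subnets[1]):
        problems.append("Subnet1Prefix and Subnet2Prefix overlap")
    return problems


def usr_cli_value(command_text):
    """Flatten a multi-line command file into the one-line Usr CLI form."""
    lines = [ln.strip() for ln in command_text.splitlines() if ln.strip()]
    # Literal backslash-n plus a space, as in the Usr CLI example above.
    return "\\n ".join(lines)


if __name__ == "__main__":
    print(check_parameters(SAMPLE) or "no problems found")
```
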
When you deploy the FortiWeb-VM package, network adapters are created automatically. If you want to delete network adapters, do it during the deployment process. It's not recommended to delete network adapters once the FortiWeb is deployed; otherwise, unexpected errors will occur.

According to Azure, it's recommended to set the MTU to 1,400. Run the following command in FortiWeb:

config system interface
edit interface <index>
set mtu 1400
end
end

For more information, see https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-tcpip-performance-tuning.
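
The SAS URLs pasted into Usr CLI Uri and Usr License Uri give read access to the command and license files to anyone who holds the URL, so it is worth reviewing the token's scope before using it. The following is an added example, not part of the Fortinet documentation: it assumes an ad hoc SAS (not one bound to a stored access policy), the 24-hour lifetime limit is an assumed local policy, and the sample URL is constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL; the account, container and signature are placeholders.
SAMPLE_URL = (
    "https://examplestorage.blob.core.windows.net/bootstrap/fwb-cli.txt"
    "?sv=2022-11-02&sp=r&sr=b&spr=https&se=2030-01-01T12:00:00Z"
    "&sig=CONSTRUCTED-PLACEHOLDER"
)


def review_sas_url(url, now, max_lifetime=timedelta(hours=24)):
    """Return a list of findings for a blob SAS URL; empty means none."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL scheme is not https")
    if "sig" not in q:
        findings.append("no sig parameter: this is not a SAS URL")
    if q.get("sp", "") != "r":
        findings.append(f"sp={q.get('sp', '')!r}: grant read (r) only")
    if q.get("sr") != "b":
        findings.append(f"sr={q.get('sr')!r}: scope the SAS to one blob (b)")
    if q.get("spr") != "https":
        findings.append("spr is not https: the SAS is usable over plain HTTP")
    try:
        # Only the full UTC timestamp form of se is accepted by this check.
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        findings.append("se (expiry) is missing or not YYYY-MM-DDThh:mm:ssZ")
    else:
        if expiry <= now:
            findings.append("SAS has already expired")
        elif expiry - now > max_lifetime:
            findings.append(f"SAS is valid for {expiry - now}, over {max_lifetime}")
    return findings


if __name__ == "__main__":
    print(review_sas_url(SAMPLE_URL, datetime.now(timezone.utc)))
```
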
