Fortinet white logo
Fortinet white logo

Azure Administration Guide

Troubleshooting

Troubleshooting

Determining the FortiGate Autoscale release version

To determine the release version of a deployment, go to the Microsoft.Template Outputs by following the steps in Locating deployment Outputs. The release version is in the deploymentPackageVersion.

Election of the primary FortiGate was not successful

If the election of the primary FortiGate is not successful, reset the elected primary FortiGate. If the reset does not solve the problem, please contact support.

Locating deployment Outputs

  1. Load the resource group Overview page. For details, refer to the section To load a resource group:.
  2. Click the link under Deployments.

    Resource group overview page (top)

  3. From the Deployments page, click the Microsoft.Template.

    Deployments page

  4. In the navigation column, click Outputs.

    Command to cleanup an existing VNet for redeployment

Redeploying with an existing VNet fails

Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:

  1. Load the deployment Outputs for the VNet resource group. If your deployment only has one resource group, this is the Autoscale resource group.Command to cleanup an existing VNet for redeployment
  2. Copy the value of cmdDeleteVNetComponents and run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
  3. If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
    • Azure Cosmos DB account
    • App Service
    • Application Insights (if present)
    • App Service plan
    • Storage account
  4. Delete the following components from the VNet resource group:
    • the Public Load balancer
    • the Internal Load balancer
    • the Virtual machine scale set for BYOL
    • the Virtual machine scale set for PAYG
    • the Public IP address (if created by the autoscale deployment and you don't want to reuse it)

Resetting the elected primary FortiGate

To reset the elected primary FortiGate, go to the CosmosDB FortiGateAutoscale and open the table FortiGatePrimaryElection and delete the only item in the table.

A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating the CosmosDB FortiGateAutoscale and the table FortiGatePrimaryElection, refer to the section Verifying the deployment.

Stack has stopped working

If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.

For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.

For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.

Troubleshooting using Application Insights

Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.

Troubleshooting using environment variables

Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables

  1. Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
  2. Under Configured features, click Configuration .

    Function app settings

  3. Edit settings as needed.

    Settings

    Note

    Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.

Troubleshooting

Troubleshooting

Determining the FortiGate Autoscale release version

To determine the release version of a deployment, go to the Microsoft.Template Outputs by following the steps in Locating deployment Outputs. The release version is in the deploymentPackageVersion.

Election of the primary FortiGate was not successful

If the election of the primary FortiGate is not successful, reset the elected primary FortiGate. If the reset does not solve the problem, please contact support.

Locating deployment Outputs

  1. Load the resource group Overview page. For details, refer to the section To load a resource group:.
  2. Click the link under Deployments.

    Resource group overview page (top)

  3. From the Deployments page, click the Microsoft.Template.

    Deployments page

  4. In the navigation column, click Outputs.

    Command to cleanup an existing VNet for redeployment

Redeploying with an existing VNet fails

Prior to redeploying with your existing VNet, you must ensure that the VNet meets the Requirements when using an existing VNet. You must also perform a VNet related cleanup using the following steps:

  1. Load the deployment Outputs for the VNet resource group. If your deployment only has one resource group, this is the Autoscale resource group.Command to cleanup an existing VNet for redeployment
  2. Copy the value of cmdDeleteVNetComponents and run it as an Azure CLI command (click >_ to launch the CLI) to perform the required cleanup.
  3. If your deployment has two resource groups, delete the Autoscale resource group. Otherwise, delete the following components:
    • Azure Cosmos DB account
    • App Service
    • Application Insights (if present)
    • App Service plan
    • Storage account
  4. Delete the following components from the VNet resource group:
    • the Public Load balancer
    • the Internal Load balancer
    • the Virtual machine scale set for BYOL
    • the Virtual machine scale set for PAYG
    • the Public IP address (if created by the autoscale deployment and you don't want to reuse it)

Resetting the elected primary FortiGate

To reset the elected primary FortiGate, go to the CosmosDB FortiGateAutoscale and open the table FortiGatePrimaryElection and delete the only item in the table.

A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating the CosmosDB FortiGateAutoscale and the table FortiGatePrimaryElection, refer to the section Verifying the deployment.

Stack has stopped working

If the stack stops working when it previously used to work, look up the Function App Additional Outbound IP Addresses and ensure that each listed IP address has a corresponding entry in the Cosmos DB firewall. Any IP address not listed in the Cosmos DB firewall will be blocked, thus causing the Autoscale function to be blocked.

For details on how the Cosmos DB firewall is configured, refer to the section Security features for network communication.

For details on when Function App outbound IP addresses change, refer to the Microsoft article When outbound IPs change.

Troubleshooting using Application Insights

Application Insights can help you troubleshoot the deployment. It is automatically enabled if your region supports it.

Troubleshooting using environment variables

Environment variables are available to assist in troubleshooting the current FortiGate Autoscale deployment. These variables and details on how to use them are listed in the section Troubleshooting environment variables

  1. Load the Function App. For detailed steps, refer to the Function App portion of the section Verifying the deployment.
  2. Under Configured features, click Configuration .

    Function app settings

  3. Edit settings as needed.

    Settings

    Note

    Changing environment variables other than the troubleshooting ones can cause unexpected behavior. Modify them at your own risk.