Single FortiGate-VM deployment
You can deploy FortiGate-VM next generation firewall (NGFW) for Azure as a virtual appliance in the Azure cloud (IaaS). This section shows you how to install and configure a single instance FortiGate-VM in Azure to provide a full NGFW/unified threat management security solution in front of Azure IaaS resources.
This section covers the deployment of simple web servers, but you can use this deployment type for any type of public resource protection with only slight modifications. With this architecture as a starting point, you can implement more advanced solutions, including multitiered solutions.
The example in this document creates the following subnets:
Subnet |
Description |
---|---|
Subnet1 |
External subnet used to connect the FortiGate-VM to the Internet. |
Subnet2 |
Internal subnet used as a transit network to one or multiple protected networks containing backend services, such as the web server. |
Subnet3 |
Protected subnet used to deploy services. You can deploy multiples of these subnets. The traffic is sent to the FortiGate for inspection using UDR. |