Fortinet white logo
Fortinet white logo

Azure Administration Guide

Single FortiGate-VM deployment

Single FortiGate-VM deployment

You can deploy FortiGate-VM next generation firewall (NGFW) for Azure as a virtual appliance in the Azure cloud (IaaS). This section shows you how to install and configure a single instance FortiGate-VM in Azure to provide a full NGFW/unified threat management security solution in front of Azure IaaS resources.

This section covers the deployment of simple web servers, but you can use this deployment type for any type of public resource protection with only slight modifications. With this architecture as a starting point, you can implement more advanced solutions, including multitiered solutions.

The example in this document creates the following subnets:

Subnet

Description

Subnet1

External subnet used to connect the FortiGate-VM to the Internet.

Subnet2

Internal subnet used as a transit network to one or multiple protected networks containing backend services, such as the web server.

Subnet3

Protected subnet used to deploy services. You can deploy multiples of these subnets. The traffic is sent to the FortiGate for inspection using UDR.

Single FortiGate-VM deployment

Single FortiGate-VM deployment

You can deploy FortiGate-VM next generation firewall (NGFW) for Azure as a virtual appliance in the Azure cloud (IaaS). This section shows you how to install and configure a single instance FortiGate-VM in Azure to provide a full NGFW/unified threat management security solution in front of Azure IaaS resources.

This section covers the deployment of simple web servers, but you can use this deployment type for any type of public resource protection with only slight modifications. With this architecture as a starting point, you can implement more advanced solutions, including multitiered solutions.

The example in this document creates the following subnets:

Subnet

Description

Subnet1

External subnet used to connect the FortiGate-VM to the Internet.

Subnet2

Internal subnet used as a transit network to one or multiple protected networks containing backend services, such as the web server.

Subnet3

Protected subnet used to deploy services. You can deploy multiples of these subnets. The traffic is sent to the FortiGate for inspection using UDR.