Fortinet white logo
Fortinet white logo

Azure Administration Guide

Running PowerShell to deploy a FortiGate-VM

Running PowerShell to deploy a FortiGate-VM

The instructions assume that PowerShell is already installed on the Windows machine. For details on installing and running PowerShell, see Install Azure PowerShell on Windows with PowerShellGet.

To run PowerShell to deploy a FortiGate-VM:
  1. Log into a Windows machine and invoke the PowerShell console.
  2. Obtain the sample PowerShell script file from GitHub.
  3. You must edit the content according to your own Azure environment. The ps1 file contains comments for sections that require modification. Editing the file using Visual Studio with the PowerShell extension installed is recommended. In the $vmsize field, enter the desired instance type based on the number of virtual CPU cores.

    One of the sections you must modify is the $vmsize field. Enter the desired instance type here. Recommended types are the following compute-optimized instances:

    • Standard_F1
    • Standard_F2
    • Standard_F4
    • Standard_F8
    • Standard_F1s
    • Standard_F2s
    • Standard_F4s
    • Standard_F8s
    • Standard_F16s
    • Standard_F2s_v2
    • Standard_F4s_v2
    • Standard_F8s_v2
    • Standard_F16s_v2
    • Standard_F32s_v2
    • Standard_F64s_v2
    • Standard_F72s_v2
    note icon

    Instances with over 32 vCPU require a FG-VMUL license, which can support an unlimited number of CPU cores.

  4. This sample file can deploy the FortiGate-VM in an existing virtual network (VNet) under an existing resource group. Before running the ps1 file, you must create the following Azure elements:
    • Resource group
    • VNet with a subnet. If you attach more than one NIC to the FortiGate-VM, create as many subnets as the number of NICs before running the ps1 file.
    • Container to copy your FortiGate-VM image file to
    • Blob where to create an operating system and a data disk file to launch a FortiGate-VM instance
  5. You must manually create security groups and route tables after deploying the FortiGate-VM, as the sample ps1 file does not create these.
  6. Download the FortiGate-VM vhd image:
    1. Go to Customer Service & Support > Download > VM Images.
    2. From the Select Product dropdown list, select FortiGate.
    3. From the Select Platform dropdown list, select Azure.
    4. Download the FGT_VM64_AZURE-v6-buildXXXX-FORTINET.out.hyperv.zip file.
    5. Unzip the downloaded file. Place the fortios.vhd file in the C:\Azure\vhds directory. You can change the path using the $sourceVhd parameter in the ps1 file.
  7. Run the ps1 file. In this example, the filename is fortigate-deploy-powershell.ps1.

    1. The system prompts you for a number of network instances. Enter a number between 1 and 4.
    2. The system prompts you to log into Azure by entering your username and password. Enter your credentials.

    3. The execution continues. If you encounter an error (shown in red), resolve it, manually clean up newly generated files, then retry the execution. If you do not clean up the files, the next execution attempt results in an error. Manually clean up files by doing the following:
      1. Remove files created in your container and blob under your storage account.
      2. Remove network resources created under your specified resource group.
      3. Diagnostic files are created under your storage account. Remove these files if they are unnecessary.

    Fortinet provides the sample ps1 file for your reference. If you must modify or author it your organization requires, you are expected to be able to do so on your own.

    Execution takes about ten minutes to complete.

  8. Access the FortiGate-VM after executing the ps1 file:
    1. Go to the resource group and click the specified VM name.

    2. Click the FortiGate-VM hostname and find its public IP address.

    3. In a browser, access https://<public IP address>. Enter the admin username and password specified in the ps1 file to log in.

Running PowerShell to deploy a FortiGate-VM

Running PowerShell to deploy a FortiGate-VM

The instructions assume that PowerShell is already installed on the Windows machine. For details on installing and running PowerShell, see Install Azure PowerShell on Windows with PowerShellGet.

To run PowerShell to deploy a FortiGate-VM:
  1. Log into a Windows machine and invoke the PowerShell console.
  2. Obtain the sample PowerShell script file from GitHub.
  3. You must edit the content according to your own Azure environment. The ps1 file contains comments for sections that require modification. Editing the file using Visual Studio with the PowerShell extension installed is recommended. In the $vmsize field, enter the desired instance type based on the number of virtual CPU cores.

    One of the sections you must modify is the $vmsize field. Enter the desired instance type here. Recommended types are the following compute-optimized instances:

    • Standard_F1
    • Standard_F2
    • Standard_F4
    • Standard_F8
    • Standard_F1s
    • Standard_F2s
    • Standard_F4s
    • Standard_F8s
    • Standard_F16s
    • Standard_F2s_v2
    • Standard_F4s_v2
    • Standard_F8s_v2
    • Standard_F16s_v2
    • Standard_F32s_v2
    • Standard_F64s_v2
    • Standard_F72s_v2
    note icon

    Instances with over 32 vCPU require a FG-VMUL license, which can support an unlimited number of CPU cores.

  4. This sample file can deploy the FortiGate-VM in an existing virtual network (VNet) under an existing resource group. Before running the ps1 file, you must create the following Azure elements:
    • Resource group
    • VNet with a subnet. If you attach more than one NIC to the FortiGate-VM, create as many subnets as the number of NICs before running the ps1 file.
    • Container to copy your FortiGate-VM image file to
    • Blob where to create an operating system and a data disk file to launch a FortiGate-VM instance
  5. You must manually create security groups and route tables after deploying the FortiGate-VM, as the sample ps1 file does not create these.
  6. Download the FortiGate-VM vhd image:
    1. Go to Customer Service & Support > Download > VM Images.
    2. From the Select Product dropdown list, select FortiGate.
    3. From the Select Platform dropdown list, select Azure.
    4. Download the FGT_VM64_AZURE-v6-buildXXXX-FORTINET.out.hyperv.zip file.
    5. Unzip the downloaded file. Place the fortios.vhd file in the C:\Azure\vhds directory. You can change the path using the $sourceVhd parameter in the ps1 file.
  7. Run the ps1 file. In this example, the filename is fortigate-deploy-powershell.ps1.

    1. The system prompts you for a number of network instances. Enter a number between 1 and 4.
    2. The system prompts you to log into Azure by entering your username and password. Enter your credentials.

    3. The execution continues. If you encounter an error (shown in red), resolve it, manually clean up newly generated files, then retry the execution. If you do not clean up the files, the next execution attempt results in an error. Manually clean up files by doing the following:
      1. Remove files created in your container and blob under your storage account.
      2. Remove network resources created under your specified resource group.
      3. Diagnostic files are created under your storage account. Remove these files if they are unnecessary.

    Fortinet provides the sample ps1 file for your reference. If you must modify or author it your organization requires, you are expected to be able to do so on your own.

    Execution takes about ten minutes to complete.

  8. Access the FortiGate-VM after executing the ps1 file:
    1. Go to the resource group and click the specified VM name.

    2. Click the FortiGate-VM hostname and find its public IP address.

    3. In a browser, access https://<public IP address>. Enter the admin username and password specified in the ps1 file to log in.