7.4.0

Configuring internet inbound/DNAT policies using FortiManager

Using FortiManager 7.4.4 with FortiGate 7.4.4 and later versions allows you to configure internet inbound DNAT policies via FortiManager.

You can add an existing Public IP of standard SKU to the Azure vWAN SLB. See Adding additional public IP addresses.

To configure internet inbound/DNAT policies using FortiManager:
  1. On the FortiManager Admin GUI, do the following:
    1. Go to Device Manager > Device & Groups.
    2. Select the group of the network virtual appliance (NVA) FortiGates to configure.
      Note: If the NVA is newly deployed, both devices show as passive under Azure vWAN SLB Mode.

    3. Select a FortiGate to push standard load balancer (SLB) configuration from.
    4. Select Azure vWAN SLB > Switch to Active, then click OK.

  2. On the Azure portal, do the following:
    1. Go to Virtual WANs.
    2. Select your virtual WAN.
    3. Go to Hub > Network Virtual Appliance.
    4. Under the NVA, click Manage configurations.
    5. Manage Configurations > Internet inbound displays the names of the public IP addresses attached to the internet inbound SLB. Copy the name of the public IP address as this is required for the policy configuration step.

  3. On the FortiManager Admin GUI, do the following:
    1. Right-click the FortiGate whose Azure vWAN SLB mode you switched to Active in step 1.
    2. Click Edit Rules.
    3. Under the SLB policy edit panel permanent-security-rules, do the following:
      1. Set status to enable.
      2. Under rules, click Create New.
      3. Under applies-on, paste the public IP address name obtained from the Azure portal.
      4. Configure the desired port ranges, protocol, and address prefix.
      5. Click OK.
    4. Click Apply.
  4. Push your vWAN SLB configuration to Azure. Config Status of the active SLB FortiGate displays Modified (recent auto-updated).

  5. Click Install > Install Wizard > Install device settings (only) > Next and Install.
  6. Click Finish when complete.
  7. Repeat steps 2.a-c. The Azure portal displays the rules pushed to the SLB and associated with the public IP address.
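
Before creating rules under permanent-security-rules, a draft rule set can be checked against the public IP names copied from the Azure portal. The following is an added example, not Fortinet or Azure code: the dictionary keys, the allowed protocol set, the ports treated as sensitive, and the sample values are all assumptions made for illustration.

```python
import ipaddress

# Assumptions, not FortiManager or Azure schema: dictionary keys, the protocol
# set, and the ports treated as sensitive are chosen for this example.
ALLOWED_PROTOCOLS = {"TCP", "UDP"}
SENSITIVE_PORTS = {22, 3389}

def parse_port_range(text):
    """Return (low, high) for '443' or '8000-8100'; raise ValueError if malformed."""
    parts = text.split("-")
    if len(parts) > 2:
        raise ValueError(text)
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError(text)
    return low, high

def lint_rule(rule, public_ip_names):
    """Return findings for one draft rule; an empty list means no findings."""
    findings = []
    if rule["applies_on"] not in public_ip_names:
        findings.append("applies-on is not a public IP name attached to the SLB")
    if rule["protocol"].upper() not in ALLOWED_PROTOCOLS:
        findings.append("unexpected protocol")
    try:
        any_source = ipaddress.ip_network(rule["address_prefix"]).prefixlen == 0
    except ValueError:
        findings.append("invalid address prefix")
        any_source = False
    ranges = []
    for text in rule["port_ranges"]:
        try:
            ranges.append(parse_port_range(text))
        except ValueError:
            findings.append(f"invalid port range {text!r}")
    exposed = sorted(p for p in SENSITIVE_PORTS
                     if any(lo <= p <= hi for lo, hi in ranges))
    if any_source and exposed:
        findings.append(f"any source can reach sensitive ports {exposed}")
    return findings

# Constructed sample input: names as copied from the Azure portal, and drafts.
PUBLIC_IP_NAMES = {"example-slb-pip-1"}
DRAFT_RULES = [
    {"applies_on": "example-slb-pip-1", "protocol": "TCP",
     "address_prefix": "203.0.113.0/24", "port_ranges": ["443"]},
    {"applies_on": "example-slb-pip-2", "protocol": "TCP",
     "address_prefix": "0.0.0.0/0", "port_ranges": ["20-25", "70000"]},
]

if __name__ == "__main__":
    for rule in DRAFT_RULES:
        print(rule["applies_on"], lint_rule(rule, PUBLIC_IP_NAMES))
```

A rule that returns an empty list matches a known public IP name, uses a valid prefix and port ranges, and does not open the listed sensitive ports to any source.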
