Fortinet Document Library

Version: 6.0.0
Parameters required for Function App deployment

| Parameter name | Description |
| --- | --- |
| Resource Group | Resource group the service will be deployed in. |
| Location | Region the resource will be deployed in. |
| App Name | Azure function name. |
| Db name | Cosmos database name. |
| Storage Account Type | Storage account type. |
| Tenant_id | Refer to Setting up a service principal. |
| Subscription_id | Refer to Setting up a service principal. |
| Restapp_id | Refer to Setting up a service principal. |
| Heartbeat_loss | HeartBeat loss count. |
| Autoscale_resource_group | Resource group name that the FortiGate autoscale template will be deployed in. |
| Scale_name | VMSS name the FortiGate is deployed in. |
| FGT_config | Base configurations that the FortiGate uses for cloudinit. |
| Package_Res_URL | Public URL of the zip file that contains the code for deploying the FortiGate autoscale Function App. |

The following is a sample base FortiGate config:

config system dns\n unset primary\n unset secondary\n end\n config system auto-scale\n set status enable\n set sync-interface port1\n set role master\n set callback-url ${CALLBACK_URL}\n set psksecret <your psk secret>\n end\n config system global\n set admin-sport 8443\n end\n config system interface\n edit port1\n set description ext\n next\n edit port2\n set description int\n set mode dhcp\n set defaultgw disable\n next\n end\nconfig router static\nedit 0\nset dst 168.63.129.16 255.255.255.0\nset device port2\nset gateway 10.0.2.1\n next\n end\n

Note the following:

  • "\n" must be included, because it marks a new line. Replace every intended line break in your own config with it.
  • If your config uses tabs, replace each tab with four spaces.
  • "\n" and all white space in the config are essential.

There are three places in the config that require attention:

set callback-url

This is the endpoint where instances send their Heartbeat request. This is usually the deployed Azure Function App's URL. You can manually set this to a URL, such as https://<your function app name>.azurewebsites.net/api/AutoscaleHandler, or use the ${CALLBACK_URL} placeholder. The placeholder automatically uses the endpoint parameter assigned when deploying the FortiGate autoscale template.

See below for an example. <your function app name> is normally the resource group name the function app is deployed in.

You must update the callback-url setting whenever the resource group name changes.

sync-interface

By default, sync-interface is set to port1. sync-interface is required and must be set to a value.

psksecret

You must provide the psksecret setting in the config.
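
One way to produce and check the FGT_config value described above, as an added example rather than Fortinet's own tooling: it applies the "\n" and tab rules, then checks the three settings called out. The function names, the sample config, and the requirement that a manually set callback-url start with https:// (as in the page's example URL) are assumptions.

```python
# Added example: function names and SAMPLE are constructed for illustration.

SAMPLE = (  # constructed multi-line config, indented with tabs
    "config system auto-scale\n"
    "\tset status enable\n"
    "\tset sync-interface port1\n"
    "\tset callback-url ${CALLBACK_URL}\n"
    "\tset psksecret <your psk secret>\n"
    "end\n"
)

def encode_fgt_config(text):
    """Collapse a multi-line config into the one-line FGT_config form."""
    text = text.replace("\r\n", "\n").replace("\t", "    ")  # tab -> 4 spaces
    if not text.endswith("\n"):
        text += "\n"
    return text.replace("\n", "\\n")  # line break -> literal backslash-n

def autoscale_settings(encoded):
    """Return the 'set' lines of the 'config system auto-scale' block."""
    settings, inside = {}, False
    for line in (part.strip() for part in encoded.split("\\n")):
        if line == "config system auto-scale":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip()
    return settings

def check_fgt_config(encoded):
    """List problems with the three settings the page calls out."""
    problems = []
    if "\n" in encoded or "\t" in encoded:
        problems.append("raw line break or tab in value")
    s = autoscale_settings(encoded)
    if not s.get("sync-interface"):
        problems.append("sync-interface is not set")
    url = s.get("callback-url", "")
    if url != "${CALLBACK_URL}" and (not url.startswith("https://") or "<" in url):
        problems.append("callback-url is neither ${CALLBACK_URL} nor a filled-in https URL")
    psk = s.get("psksecret", "")
    if not psk or "<" in psk or ">" in psk:
        problems.append("psksecret is missing or still a placeholder")
    return problems

if __name__ == "__main__":
    print(check_fgt_config(encode_fgt_config(SAMPLE)))
```

Run against the constructed sample, the check reports only the unreplaced psksecret placeholder, which is the state the page's own sample config is in until you supply a secret.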

Once the template has been deployed successfully, open the resource group and search for the name to locate the created Azure function.
