Verifying the deployment

In the resource group you created (fgtasg-rg in our example), you will find the following components:

  • 1 Virtual machine scale set for BYOL
  • 1 Virtual machine scale set for PAYG
  • 1 Internal Load balancer
  • 1 Public Load balancer
  • 1 Azure Cosmos DB account
  • 1 App Service (this is the Function App)
  • 1 Application Insights (automatically enabled if your region supports it)
  • 1 App Service plan
  • 1 Storage account
  • 1 Virtual network
  • 1 Public IP address
  • 3 Route tables
  • 1 Network security group

The resource group Overview page will look as shown below:

Resource group overview page
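
The component list above can also be checked programmatically, which makes missing or unexpected resources (for example, a second public IP address) easy to spot. The following is an added example, not part of the Fortinet documentation; the mapping from component names to Azure resource type strings is an assumption, and the sample input is constructed.

```python
from collections import Counter

# Assumed mapping from the components listed above to ARM resource types
# (the page names the components, not their type strings).
EXPECTED = {
    "microsoft.compute/virtualmachinescalesets": 2,   # BYOL + PAYG
    "microsoft.network/loadbalancers": 2,             # internal + public
    "microsoft.documentdb/databaseaccounts": 1,
    "microsoft.web/sites": 1,                         # the Function App
    "microsoft.web/serverfarms": 1,                   # App Service plan
    "microsoft.storage/storageaccounts": 1,
    "microsoft.network/virtualnetworks": 1,
    "microsoft.network/publicipaddresses": 1,
    "microsoft.network/routetables": 3,
    "microsoft.network/networksecuritygroups": 1,
}
# Application Insights is only present if the region supports it.
OPTIONAL = {"microsoft.insights/components": 1}


def audit_inventory(resource_types):
    """Return {type: (expected, found)} for every deviation from the list."""
    found = Counter(t.lower() for t in resource_types)
    deviations = {}
    for rtype, want in EXPECTED.items():
        if found[rtype] != want:
            deviations[rtype] = (want, found[rtype])
    for rtype, limit in OPTIONAL.items():
        if found[rtype] > limit:
            deviations[rtype] = (limit, found[rtype])
    # Anything that is not on the page's component list is reported as extra.
    for rtype in set(found) - set(EXPECTED) - set(OPTIONAL):
        deviations[rtype] = (0, found[rtype])
    return deviations


# Constructed sample: a complete deployment, then one with an extra public IP.
SAMPLE = [t for t, n in {**EXPECTED, **OPTIONAL}.items() for _ in range(n)]
SAMPLE_DRIFT = SAMPLE + ["Microsoft.Network/publicIPAddresses"]

if __name__ == "__main__":
    print(audit_inventory(SAMPLE))        # no deviations
    print(audit_inventory(SAMPLE_DRIFT))  # extra public IP reported
```

The list of type strings can be taken from `az resource list --resource-group fgtasg-rg --query "[].type" -o json`.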

Verify the following components:

To verify the Function App:
  1. In the Azure console, from the left navigation column, select Resource groups.
  2. Locate the resource group in which you deployed the Function App template by scrolling through the list or by using one or more of the name, subscription, and location filters. In the example below, this is fgtasg-rg. Once you locate it, click the name to load the resource group Overview page.

    Locate resource group

  3. Load the Function App by clicking its name. It is the item of type App Service.

You should see three functions on the left:

  • custom-log: A function to retrieve function logs for troubleshooting purposes.
  • fgt-asg-handler: The main autoscaling function.
  • byol-license: The function to distribute BYOL licenses.

The Function App Overview page will look as shown below:

Function App overview page

To verify the database:
  1. From the resource group overview page, click the Azure Cosmos DB account name.
  2. From the navigation column, click Data Explorer.

You will see the following DB and tables:

  • Database: FortiGateAutoscale
  • Tables:
    • CustomLog
    • FortiGateAutoscale
    • FortiGateMasterElection
    • LicenseStock
    • LicenseUsage
    • Settings
    • VmInfoCache

The database Data Explorer page will look as shown below:

Database tables

To verify the master election:

The elected master FortiGate-VM is logged in the FortiGateMasterElection table of the FortiGateAutoscale Cosmos DB database.

  1. Expand the FortiGateMasterElection table and click on Items.
  2. The master record will be the only item in the table. Click the master record.

In the master record:

  • scalingGroupName is the name of the Scale Set in which the master FortiGate-VM is located.
  • ip is the primary private IP address of the current master FortiGate-VM.
  • instanceId is the index of the FortiGate-VM in the Scale Set.
  • vpcId is the ID of the VPC in which the master FortiGate-VM instance is located.
  • subnetId is the ID of the subnet in which the master FortiGate-VM is located.
  • voteEndTime is the Unix timestamp at which this master election expires if voteState has not changed to done by then.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress. You should wait for its completion. At this point in time, the final master instance is not yet known.
    • done: the master election process is done.

The Items page will look as shown below:

Items page with Master record
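
The master record fields described above can be interpreted with a small check that separates a finished election from one still in progress and from one that is still pending after voteEndTime has passed. The following is an added example, not part of the Fortinet documentation; the sample record values are constructed, and treating very large voteEndTime values as milliseconds is an assumption, since the page only says "Unix time stamp".

```python
import time

VALID_STATES = {"pending", "done"}
REQUIRED = ("scalingGroupName", "ip", "instanceId", "vpcId",
            "subnetId", "voteEndTime", "voteState")


def to_seconds(ts):
    # Assumption: values too large to be seconds are milliseconds.
    ts = float(ts)
    return ts / 1000.0 if ts > 1e11 else ts


def assess_election(items, now=None):
    """Classify the contents of the FortiGateMasterElection table.

    Returns (status, detail); status is one of 'no-record',
    'multiple-records', 'malformed', 'done', 'pending', 'expired'.
    """
    now = time.time() if now is None else now
    if not items:
        return ("no-record", "table is empty")
    if len(items) > 1:
        # The page states the master record is the only item in the table.
        return ("multiple-records", f"{len(items)} items, expected 1")
    rec = items[0]
    missing = [k for k in REQUIRED if k not in rec]
    if missing:
        return ("malformed", "missing: " + ", ".join(missing))
    state = rec["voteState"]
    if state not in VALID_STATES:
        return ("malformed", f"unknown voteState {state!r}")
    if state == "done":
        return ("done", f"master {rec['ip']} in {rec['scalingGroupName']}")
    if now >= to_seconds(rec["voteEndTime"]):
        return ("expired", "still pending past voteEndTime")
    return ("pending", "election in progress; master not yet final")


# Constructed sample record (field names from the page, values made up).
SAMPLE = {"scalingGroupName": "example-byol-vmss", "ip": "10.0.1.4",
          "instanceId": "0", "vpcId": "example-vnet",
          "subnetId": "example-subnet",
          "voteEndTime": 1700000090, "voteState": "pending"}

if __name__ == "__main__":
    print(assess_election([SAMPLE], now=1700000000))
    print(assess_election([SAMPLE], now=1700000100))
```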
