
Azure vWAN SD-WAN NGFW Deployment Guide

7.4.0

Planning the network

The following settings, such as IP networks, BGP AS number, performance SLA criteria, and so on, are chosen for this deployment:

  1. Overlay network address space:
    1. This address space is used for the IP addressing of all hub and branch devices.
    2. The default 10.10.0.0/16 is used.
  2. Loopback IP address space:
    1. These addresses are used for performance SLAs, router IDs, and other admin operations.
    2. The default 172.16.0.0/16 is used.
  3. Autonomous system number for BGP:
    1. A private number is used and must be reserved exclusively for this SD-WAN BGP configuration.
    2. You must use the same ASN used in Deploying FortiGate NVAs in vWAN hub. In this example, the ASN is 64512.
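
A pre-deployment check of the plan above, written for this page as an added example (it is not Fortinet code). The address spaces and ASN 64512 come from this guide; the dictionary keys, the VNET and branch LAN prefixes, and the other peer's ASN are constructed sample values.

```python
import ipaddress

# Private-use ASN ranges (RFC 6996): 16-bit and 32-bit.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

# Overlay, loopback and ASN are the guide's values; the rest is constructed.
SAMPLE_PLAN = {
    "overlay": "10.10.0.0/16",
    "loopback": "172.16.0.0/16",
    "sdwan_asn": 64512,   # ASN for the SD-WAN BGP configuration
    "nva_asn": 64512,     # ASN entered when the vWAN hub NVAs were deployed
    "other_bgp_asn": {"other-peer": 65515},                 # constructed
    "routed": {"azure-vnet": "10.50.0.0/16",                # constructed
               "branch-1-lan": "192.168.10.0/24"},          # constructed
}

def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)

def validate_plan(plan):
    """Return a list of problems found in an SD-WAN addressing/BGP plan."""
    problems = []
    reserved = {name: ipaddress.ip_network(plan[name])
                for name in ("overlay", "loopback")}
    for name, net in reserved.items():
        if not net.is_private:
            problems.append(f"{name} {net} is not private address space")
    if reserved["overlay"].overlaps(reserved["loopback"]):
        problems.append("overlay and loopback address spaces overlap")
    # Routed prefixes (VNETs, branch LANs) must stay out of the reserved space,
    # otherwise overlay/loopback routes and real subnets shadow each other.
    for label, prefix in plan["routed"].items():
        net = ipaddress.ip_network(prefix)
        for name, res in reserved.items():
            if net.overlaps(res):
                problems.append(f"{label} {net} overlaps {name} {res}")
    asn = plan["sdwan_asn"]
    if not is_private_asn(asn):
        problems.append(f"ASN {asn} is not in a private-use range")
    if asn != plan["nva_asn"]:
        problems.append(f"SD-WAN ASN {asn} differs from NVA ASN {plan['nva_asn']}")
    # The ASN must be used only by this SD-WAN BGP configuration.
    for peer, peer_asn in plan["other_bgp_asn"].items():
        if peer_asn == asn:
            problems.append(f"{peer} reuses SD-WAN ASN {asn}")
    return problems

if __name__ == "__main__":
    print(validate_plan(SAMPLE_PLAN) or "plan is consistent")
```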

The deployment example in this guide uses the following ports and IP addresses:

  • Azure vWAN hub consists of two FortiGate NVAs.
  • vWAN FortiGate NVAs have ‘port1’ configured for external access.
    • IP and routing are retrieved through Azure DHCP.
  • vWAN FortiGate NVAs will advertise the port2 directly connected network and all routes received from Azure vWAN services.
    • Azure private VNET is advertised through Azure vWAN BGP services.
  • Branch devices are connected to ISP1 on port1.
