Create VNet and subnets in network settings

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin

This recipe is part of the process of deploying FortiGate HA load-balancing for Microsoft Azure using Azure load balancer. See below for the rest of the recipes in this process:

  1. Basic concepts
    • Traffic flow
    • Azure load balancer
      • Inbound NAT rules
      • Load balancing rules
  2. Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
  3. Determine your licensing model
  4. Configure FortiGate initial parameters
  5. Create VNet and subnets in network settings
  6. Select Azure instance type
  7. Assign Azure IP address
  8. Validate deployment resources
  9. Create FortiGate instances
  10. Connect to the FortiGate
  11. [Use case] Set up a Windows Server in the protected network
  12. Configure FortiGate firewall policies and virtual IPs
  13. [Failover test] Create load balancing rules and access the Windows Server via remote desktop

In the Azure management portal, step 2, Network Settings and Instance, consists of configuring the following:

  • Virtual network (VNet)
  • Subnets
  • VM (Azure instance type)

Some fields are automatically populated with default values. Usually, it is fine to proceed with these values and modification is not needed. These values are are embedded in ARM deployment templates in the backend.

  1. Configure the VNet as follows:
    1. Name: change to the desired name. In the example, the name is FortigateProtectedVNet.
    2. Address space: by default, if this is the first FortiGate deployment in the specified resource group, the space is shown as 10.0.0.0/16. You can change this to your own space range depending on your corporate network environment. This value increments with subsequent deployments. For example, the default value for the second deployment would be 10.1.0.0/16.
  2. Click OK.
  3. Configure subnets as follows:
      1. You will see two subnets: one public-facing subnet, and another protected network subnet. These subnets belong to the VNet address space created in the previous step. By default, the public-facing subnet is 10.0.0.0/24, and the protected network subnet is 10.0.1.0/24. If you change these values, ensure they fit into the address space and that the two subnets do not overlap in the ranges, as a FortiGate instance will sit inline between the two, having two network interfaces (ports).
      2. In this example, the public-facing subnet is named PublicFacingSubnet, and the private subnet (the internal protected network) is named FortigateProtectedSubnet.
      3. If the space is within 10.0.0.0/16 and there are no existing resources in it, the FortiGates’ default private IP addresses will usually be as follows:
        • FortiGate A:
          • Port 1: 10.0.0.4 (PublicFacingSubnet)
          • Port 2: 10.0.1.4 (FortigateProtectedSubnet
        • FortiGate B:
          • Port 1: 10.0.0.5 (PublicFacingSubnet)
          • Port 2: 10.0.1.5 (FortigateProtectedSubnet
  4. Note specific IP addresses cannot be seen at this point. Once you are comfortable with the ranges, click OK.

Latest posts by In Hye Lee (see all)

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin
  • Was this helpful?
  • Yes   No