Deploying FortiManager-VM virtual appliance in Microsoft Azure

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

FortiManager for Microsoft Azure is deployed as a virtual appliance in Microsoft Azure cloud (IaaS). This recipe shows you how to install and configure a FortiManager-VM virtual appliance in Microsoft Azure.

1. Registering and downloading your license

If you’re deploying a FortiManager-VM in the Microsoft Azure marketplace, you must obtain a license to activate it. FortiManager-VM for Microsoft Azure supports a bring-your-own-license (BYOL) licensing model.

Licenses can be obtained through any Fortinet partner. If you don’t have a partner, contact azure@fortinet.com for assistance in purchasing a license.

After you purchase a license or obtain an evaluation license (60-day term), you will receive a PDF with an activation code. 

Go to https://support.fortinet.com/ and either create a new account or log in with an existing account. 

Go to Asset > Register/Renew to start the registration process.

In the Specify Registration Code field, enter your license activation code and select Next to continue registering the product. Enter your details in the other fields.

At the end of the registration process, download the license (.lic) file for your FortiManager-VM.

After registering a license, Fortinet servers may take up to 30 minutes to fully recognize the new license. When you upload the license (.lic) file to activate the FortiManager-VM (in step 3), if you get an error that the license is invalid, wait 30 minutes and try again.

2. Creating a FortiManager-VM

Log in to the Microsoft Azure Portal and select + New
Search for FortiManager Centralized Security Management and select it from the search results.
Under Select a deployment model, ensure that Resource Manager is selected. Select Create.

In the Basics section, set a FortiManager-VM name in the FortiManager virtual appliance name field. 

Set a FortiManager administrative username. This name can’t be admin or root.

Choose a FortiManager password for the new account and confirm the password. For security reasons, it’s not possible to reset this password through the Microsoft Azure portal, so make sure that you remember the password.

Select the appropriate Subscription from the drop-down list. You may have only one option here.

Create a new Resource group. Currently, it’s not possible to select an existing resource group for a Microsoft Azure Marketplace template set.

Set a Location for the VM.

Select OK.

In the Network and Storage Settings section, select Virtual network. You can either create a new virtual network (VNet) or select an existing one.

In the Address space field, accept the default values or specify your own.

Select OK.

In the Subnet section, the Subnet name and Subnet address prefix are pre-defined and you shouldn’t need to change the default values. 

Select OK.

In the Virtual machine size section, select the appropriate VM size for your deployment. 

In the Microsoft Azure Marketplace, the FortiManager virtual machines come in a variety of sizes, from A0 Standard to D4 Standard. Each virtual machine size within each series has different limits for the amount of memory, number of network interface cards (NIC), maximum number of data disks, size of cache, and maximum input/output operations per second (IOPS) and bandwidth.

Select OK.

In the Storage account section, choose an existing storage account or create a new one. All resources should be in the same location.  

Set a Name for the storage account.

Under Performance, choose a storage account type.

Select the Replication option you want to use. The options are Locally redundant storage (LRS) or Geo-redundant storage (GRS). LRS is where all data in the Microsoft Azure storage account replicates synchronously to three different storage nodes within the primary region that was chosen when you created the Microsoft Azure storage account. GRS is where every entity is replicated into two data centers.

The data in the Microsoft Azure storage account is always replicated in order to ensure durability and high availability. Some settings can’t be changed after the storage account is created.

To accept the Network and Storage Settings values, select OK.

In the FortiManager IP address assignments section, select First public IP address resource name. In the Name field, set a name for the public IP address of the FortiManager. In the Assignment field, select Dynamic or Static. Select OK.

In the Public IP address type field, select Static or Dynamic. Select OK.

Wait for validation to pass, then select OK.

Select Purchase to buy the FortiManager-VM instance from Microsoft Azure. 

Once the FortiManager-VM is deployed, you will see a “Deployment succeeded” message.

3. Connecting to the FortiManager-VM

To connect to the FortiManager-VM, you must find its public IP address. There are a number of ways to do this. One way is to select Virtual machines on the left bar and select the FortiManager-VM you created. Under Essentials, you will see the public IP address of the FortiManager-VM in the Public IP address field. 

Connect to the FortiManager-VM using your browser and the FortiManager-VM IP address. Log in to the FortiManager-VM with the FortiWeb administrative username and FortiManager password that you configured above. 

Upload your license (.lic) file to activate the FortiManager-VM. Restart the FortiManager-VM and log in again.

After you log in, you will see that the license has been uploaded. You need to wait for authentication with the registration servers. This can take up to 15 minutes.

Select Return.

You will now see the FortiManager-VM dashboard.

Karyn Jacobs

Technical Writer at Fortinet
Karyn Jacobs is a technical writer on the FortiOS Technical Documentation team. She has a B.A.H. in English and a B.Ed. from Queen’s University, and has worked as a technical writer for the past 20 years at various high tech companies.
  • Was this helpful?
  • Yes   No
This must be a complex password containing three of the following types of characters: numbers, capital letters, lowercase letters, and special characters.
Storage types are created from a Microsoft Azure storage account. The Microsoft Azure storage account, in turn, determines certain characteristics for the storage, such as whether the storage is locally redundant or geo-redundant, and whether the storage is based on standard HDDs or SSDs.