Deploying FortiWeb-VM virtual appliance in Microsoft Azure

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

FortiWeb for Microsoft Azure is deployed as a virtual appliance in Microsoft Azure cloud (IaaS). This recipe shows you how to install and configure a FortiWeb-VM virtual appliance in Microsoft Azure.​

1. Registering and downloading your license

If you’re deploying a FortiWeb-VM in the Microsoft Azure marketplace, you must obtain a license to activate it. FortiWeb-VM for Microsoft Azure supports a bring-your-own-license (BYOL) licensing model.

Licenses can be obtained through any Fortinet partner. If you don’t have a partner, contact azure@fortinet.com for assistance in purchasing a license.

After you purchase a license or obtain an evaluation license (60-day term), you will receive a PDF with an activation code. 

Go to https://support.fortinet.com/ and either create a new account or log in with an existing account. 

Go to Asset > Register/Renew to start the registration process.

In the Specify Registration Code field, enter your license activation code and select Next to continue registering the product. Enter your details in the other fields.

At the end of the registration process, download the license (.lic) file for your FortiWeb-VM.

After registering a license, Fortinet servers may take up to 30 minutes to fully recognize the new license. When you upload the license (.lic) file to activate the FortiWeb-VM (in step 3), if you get an error that the license is invalid, wait 30 minutes and try again.

2. Creating a FortiWeb-VM

Log in to the Microsoft Azure Portal and select + New
Search for Fortinet Web Application Firewall – FortiWeb and select it from the search results.
Under Select a deployment model, ensure that Resource Manager is selected. Select Create.  

In the Basics section, set a FortiWeb VM Name

Set a FortiWeb Administrative Username. This name can’t be admin or root.

Choose a FortiWeb Password for the new account and confirm the password. For security reasons, it’s not possible to reset this password through the Microsoft Azure portal, so make sure that you remember the password.

Select the appropriate Subscription from the drop-down list. You may have only one option here.

Create a new Resource group. Currently, it’s not possible to select an existing resource group for a Microsoft Azure Marketplace template set.

Set a Location for the VM.

Select OK.

In the Network and Storage Settings section, select Virtual network. You can either create a new virtual network (VNet) or select an existing one.

If you select an existing VNet, it needs to have at least two subnets so the FortiWeb-VM can route between them. In a typical deployment, the outside subnet is used only to connect the outside interface of the FortiWeb-VM to the Microsoft Azure Public Load Balancer, so it doesn’t need to be very large.

Select OK.

In the Subnets section, the Outside Subnet nameOutside Subnet address prefixInside Subnet name, and Inside Subnet address prefix are pre-defined and you shouldn’t need to change the default values. 

Select OK.

In the Virtual machine size section, select the appropriate VM size for your deployment. 

In the Microsoft Azure Marketplace, the FortiWeb virtual machines come in a variety of sizes, from A0 Standard to D4 Standard. Each virtual machine size within each series has different limits for the amount of memory, number of network interface cards (NIC), maximum number of data disks, size of cache, and maximum input/output operations per second (IOPS) and bandwidth.

Select OK.

In the Storage Account section, choose an existing storage account or create a new one. All resources should be in the same location.  

Set a Name for the storage account.

Under Performance, choose a storage account type.

Select the Replication option you want to use. The options are Locally redundant storage (LRS) or Geo-redundant storage (GRS). LRS is where all data in the Microsoft Azure storage account replicates synchronously to three different storage nodes within the primary region that was chosen when
you created the Microsoft Azure storage account. GRS is where every entity is replicated into two data centers.

The data in the Microsoft Azure storage account is always replicated in order to ensure durability and high availability. Some settings can’t be changed after the storage account is created.

Select OK.

To accept the Network and Storage Settings values, select OK

In the FortiWeb IP Address Assignments section, select Public IP address name. In the Name field, set a name for the public IP address of the FortiWeb. In the Assignment field, select Dynamic or Static. Select OK.

In the Domain name label field, set a resource name for the FortiWeb-VM. Select OK.

In the Public IP Address Type, select Static or Dynamic. Select OK.

Wait for validation to pass, then select OK.

Select Purchase to buy the FortiWeb-VM instance from Microsoft Azure. 

Once the FortiWeb-VM is deployed, you will see a “Deployment succeeded” message.

 3. Connecting to the FortiWeb-VM

To connect to the FortiWeb-VM, you must find its public IP address. There are a number of ways to do this. One way is to select Virtual machines on the left bar and select the FortiWeb-VM you created. Under Essentials, you will see the public IP address of the FortiWeb-VM in the Public IP address field. 

Connect to the FortiWeb-VM using your browser and the FortiWeb-VM IP address. Log in to the FortiWeb-VM with the FortiWeb Administrative Username and FortiWeb Password that you configured above. 

 

Upload your license (.lic) file to activate the FortiWeb-VM. Restart the FortiWeb-VM and log in again.

After you log in, you will see that the license has been uploaded. You need to wait for authentication with the registration servers. This can take up to 15 minutes.

Select Return.

You will now see the FortiWeb-VM dashboard.

To deploy VMs for other Fortinet products in Microsoft Azure, see the following recipes:

Karyn Jacobs

Technical Writer at Fortinet
Karyn Jacobs is a technical writer on the FortiOS Technical Documentation team. She has a B.A.H. in English and a B.Ed. from Queen’s University, and has worked as a technical writer for the past 20 years at various high tech companies.
  • Was this helpful?
  • Yes   No
This must be a complex password containing three of the following types of characters: numbers, capital letters, lowercase letters, and special characters.
Storage types are created from a Microsoft Azure storage account. The Microsoft Azure storage account, in turn, determines certain characteristics for the storage, such as whether the storage is locally redundant or geo-redundant, and whether the storage is based on standard HDDs or SSDs.