This recipe is part of the process of deploying FortiGate HA load-balancing for Microsoft Azure using Azure load balancer. See below for the rest of the recipes in this process:
- Basic concepts
- Traffic flow
- Azure load balancer
- Inbound NAT rules
- Load balancing rules
- Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
- Determine your licensing model
- Configure FortiGate initial parameters
- Create VNet and subnets in network settings
- Select Azure instance type
- Assign Azure IP address
- Validate deployment resources
- Create FortiGate instances
- Connect to the FortiGate
- [Use case] Set up a Windows Server in the protected network
- Configure FortiGate firewall policies and virtual IPs
- [Failover test] Create load balancing rules and access the Windows Server via remote desktop
- The following screen allows you to choose basic configuration for your FortiGate HA instance.Under PAYG/BYOL License, select the licensing model. FortiGate for Azure supports both on-demand (PAYG) and bring-your-own-license (BYOL) licensing models. PAYG is an Azure-embedded, hourly subscription model. BYOL is conventional annual perpetual licensing. To activate its functionality, you must obtain a license from Fortinet resellers or distributors and install the license from the FortiOS GUI. To register on Fortinet Support with a BYOL license, see step 4.
- For PAYG, FortiGate hourly pricing depends on the instance type. Visit the Azure marketplace product page and click Plans, beside Overview.Note HA requires two FortiGate instances, so you will pay twice the prices shown.
Note the prices do not include Azure instance compute fees.
- Once FortiGate is deployed, PAYG users don’t need to register a license from the FortiOS GUI. To activate technical support, create the FortiGate instances, then contact Fortinet customer support (http://www.fortinet.com/support/contact_support.html) with the following information:
- Your FortiGate VM instance’s serial number
- Your Fortinet account’s email ID. If you don’t have a Fortinet account, you can create one at https://support.fortinet.com/login/CreateAccount.aspx
- Licenses for the BYOL licensing model can be obtained through any Fortinet partner. After you purchase a license or obtain an evaluation license (60-day term), you will receive a PDF with an activation code. To register on Fortinet Support with a BYOL license, do the following.
- Go to https://support.fortinet.com/ and create a new account or log in with an existing account.
- Go to Asset > Register/Renew to start the registration process. In the Specify Registration Code field, enter your license activation code and select Next to continue registering the product. Enter your details in the other fields.
- At the end of the registration process, download the license (.lic) file to your computer. You will upload this license later (in Connect to the FortiGate) to activate the FortiGates.
After registering a license, Fortinet servers may take up to 30 minutes to fully recognize the new license. When you upload the license (.lic) file to activate the FortiGate, if you get an error that the license is invalid, wait 30 minutes and try again.