[Use case] Set up a Windows Server in the protected network


This recipe is part of the process of deploying FortiGate HA load-balancing for Microsoft Azure using Azure load balancer. See below for the rest of the recipes in this process:

  1. Basic concepts
    • Traffic flow
    • Azure load balancer
      • Inbound NAT rules
      • Load balancing rules
  2. Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
  3. Determine your licensing model
  4. Configure FortiGate initial parameters
  5. Create VNet and subnets in network settings
  6. Select Azure instance type
  7. Assign Azure IP address
  8. Validate deployment resources
  9. Create FortiGate instances
  10. Connect to the FortiGate
  11. [Use case] Set up a Windows Server in the protected network
  12. Configure FortiGate firewall policies and virtual IPs
  13. [Failover test] Create load balancing rules and access the Windows Server via remote desktop

  1. Let’s deploy a Windows server on the VNet’s protected network. In the Azure marketplace, find a Windows 2012 R2 server. Select one with remote desktop login enabled.
  2. Click Create. Enter the basic parameters. Choose the same resource group and location as the FortiGate, then click OK.
  3. Choose an instance type, then click Select.
  4. Under network configuration, select the network associated with the FortiGate. In this example, this is FortigateProtectedVNet. Then, select the private subnet (internal protected network). In this example, this is FortigateProtectedSubnet.
  5. If you deploy a Windows Server right after deploying FortiGate, the Windows Server’s default IP address is 10.0.1.6, assuming the two FortiGates acquired 10.0.1.4 and 10.0.1.5 on the protected network.
  6. A public IP address is not needed, because the Windows server sits behind the FortiGates and is not directly reachable from the Internet. Select None.
  7. In Network security group settings, ensure TCP port 3389 is allowed in Inbound rules. In this example, the rule is present by default; if it is not, add it. Click OK.
  8. Other configuration is optional. Once everything is confirmed, click OK.
  9. Step 4 of the creation wizard validates the configuration. Once successfully completed, click Create to deploy Windows Server.
  10. Wait ten to fifteen minutes for the deployment to complete.
  11. Note the Windows Server's IP address for later use.
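
The settings chosen in steps 4 to 7 can be checked before moving on to the firewall policies. The following Python check is an added example, not part of the original recipe or of Fortinet's tooling: the /24 prefix, the rule names and the sample rule set are constructed, the rule fields follow the JSON that `az network nsg rule list` returns, and the rule match looks only at protocol and destination port.

```python
import ipaddress

# Azure reserves the first four addresses of every subnet (network, gateway,
# two for DNS) and the broadcast address, so dynamic allocation starts at .4.
AZURE_RESERVED_LEADING = 4

def next_private_ip(subnet_cidr, in_use):
    """Lowest free address, which is what Azure dynamic allocation hands out next."""
    net = ipaddress.ip_network(subnet_cidr)
    taken = {ipaddress.ip_address(a) for a in in_use}
    for offset in range(AZURE_RESERVED_LEADING, net.num_addresses - 1):
        candidate = net.network_address + offset
        if candidate not in taken:
            return str(candidate)
    raise ValueError("subnet %s has no free addresses" % subnet_cidr)

def port_matches(port, spec):
    """True if port falls in an NSG port spec: '*', '3389' or '3000-4000'."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rdp_rule(rules, port=3389):
    """First inbound TCP rule covering the port; lowest priority number wins."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if r["protocol"] in ("Tcp", "*") and port_matches(port, r["destinationPortRange"]):
            return r["access"], r["name"], r["sourceAddressPrefix"]
    return "Deny", None, None

# Constructed sample values; the page gives the addresses but not the prefix length.
SUBNET = "10.0.1.0/24"
FORTIGATES = ["10.0.1.4", "10.0.1.5"]
NSG_RULES = [
    {"name": "default-allow-rdp", "priority": 1000, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "destinationPortRange": "3389", "sourceAddressPrefix": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny", "protocol": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*"},
]

def preflight(vm_ip, public_ip, rules):
    """Return a list of deviations from steps 5 to 7; empty means the VM matches."""
    findings = []
    expected = next_private_ip(SUBNET, FORTIGATES)
    if vm_ip != expected:
        findings.append("private IP is %s, expected %s" % (vm_ip, expected))
    if public_ip is not None:
        findings.append("public IP %s attached; step 6 selects None" % public_ip)
    access, name, source = rdp_rule(rules)
    if access != "Allow":
        findings.append("TCP 3389 inbound is denied by rule %s" % name)
    return findings
```

`rdp_rule` also returns the source prefix of the matching rule, so a reviewer can see which sources the RDP rule accepts.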

Latest posts by In Hye Lee (see all)
