Connect to the FortiGate


This recipe is part of the process of deploying FortiGate HA load-balancing for Microsoft Azure using Azure load balancer. See below for the rest of the recipes in this process:

  1. Basic concepts
    • Traffic flow
    • Azure load balancer
      • Inbound NAT rules
      • Load balancing rules
  2. Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
  3. Determine your licensing model
  4. Configure FortiGate initial parameters
  5. Create VNet and subnets in network settings
  6. Select Azure instance type
  7. Assign Azure IP address
  8. Validate deployment resources
  9. Create FortiGate instances
  10. Connect to the FortiGate
  11. [Use case] Set up a Windows Server in the protected network
  12. Configure FortiGate firewall policies and virtual IPs
  13. [Failover test] Create load balancing rules and access the Windows Server via remote desktop

  1. Now let’s connect to FortiGate node A and node B. First, you must find the assigned public IP addresses. Navigate to the resource group you just created.
  2. Select the virtual machine named <resource group name>-A. In this example, it is fortigateha001-A. FortiGate A’s public IP address can be found in its VM’s overview.
    You can also see this IP address as the load balancer’s public IP address “A”. In this example, the load balancer’s resource name is FortiGate-LB-PublicIP-A.
  3. Let’s also check the existing inbound NAT configuration on the load balancer. Locate <resource_name>publicLB. In this example, it is fortigate001publicLB. Click Inbound NAT rules. There are four rules: FortiGate-A 443, FortiGate-A 22, FortiGate-B 443, and FortiGate-B 22. We will use 443.
  4. In your browser, navigate to https://<FortiGateA_IP_Address>. The login screen should appear. Enter the administrator username and password specified in Configure FortiGate initial parameters.
  5. If you’re using a BYOL license, upload your license (.lic) file to activate the FortiGate. The FortiGate will automatically restart. After it restarts, log in again.
  6. You should now be able to log in and see FortiGate-A’s dashboard as follows. In this example, the hostname is fortigate001-A, which identifies this node as FortiGate-A. Note that the look and feel may differ depending on the FortiOS version in use.
  7. Log in to the FortiOS management GUI, and navigate to Network > Interfaces. Verify that the private IP addresses for port1 and port2 are properly assigned.
  8. Now let’s access FortiGate B. You can find the public IP address in the load balancer’s public IP address “B”. In this example, the load balancer’s resource name is FortiGate-LB-PublicIP-B.
  9. In your browser, navigate to https://<FortiGateB_IP_Address>. The login screen should appear. Enter the administrator username and password specified in Configure FortiGate initial parameters. By default, these attributes are the same as those of FortiGate A.
  10. If you’re using a BYOL license, upload your license (.lic) file to activate the FortiGate. The FortiGate will automatically restart. After it restarts, log in again.
  11. You should now be able to log in and see FortiGate B’s dashboard as follows. In this example, the hostname is fortigate001-B, which identifies this node as FortiGate B. Fortinet strongly recommends that FortiGate A and FortiGate B run the same FortiOS version.

    When using the Azure availability set, the two FortiGate instances’ firewall policy configurations are not automatically synchronized. You must manually force the same policy configuration on both nodes at all times.
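
Because the two nodes do not synchronize policies, it helps to check for drift after every change. The following is an added example, not part of the original recipe or Fortinet's tooling: it compares the `config firewall policy` section of a configuration backup taken from each node. It assumes the backups are plain-text FortiOS CLI configuration, and it ignores the `uuid` setting on the assumption that it is generated per device; the sample backups are constructed.

```python
import re
IGNORED = {"uuid"}  # assumption: generated per device, so never expected to match

def parse_policies(config_text):
    """Return {policy_id: {setting: value}} from the firewall policy table."""
    policies, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:  # skip everything until the policy table opens
            depth = int(line == "config firewall policy")
            continue
        if line.startswith("config "):
            depth += 1  # nested table inside a policy entry; its lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = policies.setdefault(line.split(None, 1)[1], {})
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m[1]] = m[2]
    return policies

def policy_drift(config_a, config_b):
    """Return {policy_id: [differences]}; an empty dict means the nodes match."""
    a, b = parse_policies(config_a), parse_policies(config_b)
    drift = {}
    for pid in sorted(set(a) | set(b)):
        if pid not in a or pid not in b:
            drift[pid] = ["absent on node " + ("A" if pid not in a else "B")]
            continue
        keys = (set(a[pid]) | set(b[pid])) - IGNORED
        changed = sorted(k for k in keys if a[pid].get(k) != b[pid].get(k))
        if changed:
            drift[pid] = changed
    return drift

# Constructed sample backups (not real exports): node B lost policy 2 and widened policy 1.
SAMPLE_A = """config firewall policy
    edit 1
        set uuid aaaaaaaa-0000-0000-0000-000000000001
        set srcintf "port1"
        set service "RDP"
    next
    edit 2
        set service "ALL"
    next
end"""
SAMPLE_B = SAMPLE_A.replace('"RDP"', '"ALL"').replace("aaaaaaaa", "bbbbbbbb").split("    edit 2")[0] + "end"
```

Calling `policy_drift(SAMPLE_A, SAMPLE_B)` reports the changed `service` on policy 1 and the policy that exists only on node A; any non-empty result means the nodes need to be reconciled by hand.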