Deploying FortiGate load-balancing HA for Microsoft Azure


This recipe introduces the process of deploying FortiGate High Availability (HA) load-balancing for Microsoft Azure using Azure load balancer. See below for recipes in this process:

  1. Basic concepts
    • Traffic flow
    • Azure load balancer
      • Inbound NAT rules
      • Load balancing rules
  2. Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
  3. Determine your licensing model
  4. Configure FortiGate initial parameters
  5. Create VNet and subnets in network settings
  6. Select Azure instance type
  7. Assign Azure IP address
  8. Validate deployment resources
  9. Create FortiGate instances
  10. Connect to the FortiGate
  11. [Use case] Set up a Windows Server in the protected network
  12. Configure FortiGate firewall policies and virtual IPs
  13. [Failover test] Create load balancing rules and access the Windows Server via remote desktop

FortiGate for Microsoft Azure is deployed as HA instances in Azure (IaaS). FortiGate is designed to provide a full NGFW/UTM security solution to protect your workloads in the Azure IaaS.

This process shows you how to install and configure two FortiGate nodes forming an Azure HA set in Azure, using an Azure load balancer to achieve load-balancing incoming traffic.