AZURE HEROES

Azure Firewall Costly? Try FortiGate

6/24/2020

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

I have heard from a few customers that Azure Firewall is a little expensive, and some of them don't have a budget for a test/dev environment, as it costs approximately $100 monthly per appliance. This price is compounded if you need to deploy multiple Azure Firewall appliances per regional VNet.

In this post we will explain how to deploy the FortiGate NGFW for Azure. You can deploy FortiGate for Azure as a virtual appliance in the Azure cloud (infrastructure as a service).
Picture
This section shows you how to install and configure a single-instance FortiGate-VM in Azure to provide a full NGFW/unified threat management (UTM) security solution in front of Azure IaaS resources.

Deployment
Current Environment:
I have around 15 VMs connected to the same VNet, which has around 12 subnets.
I created another two subnets for the FortiGate VM, as I will explain later.
  • Log in to the Azure Portal and click Add resources; in the Marketplace, search for FortiGate
Picture
  • Select FortiGate next-generation firewall - Single VM
  • Click Create
Picture
  • You can see the plans; in our case we will deploy the cheapest option (DS1v2)
Picture
  • Fill in the configuration part
  • In my case, as I don't have a license, I selected PAYG 6.2.3 under PAYG/BYOL License; if you have a license, select BYOL
Picture
  • Click Next to fill in the network part
  • Here I selected outsideSubnet, which will have the public IP, and InsideSubnet, which I will use to configure the route between the existing VMs
  • For the VM size I chose (DS1 V2)
Picture
  • Next, select the public IP address that will be attached to Nic0, which is connected to externalSubnet
Picture
  • Once you finish, click Create
Picture
  • It will take up to 5 minutes to be created
Picture
  • You can test the appliance now: just copy the public IP address into your browser, https://90.13.125.24
Picture
  • Before you start configuring the rules on the firewall, add all the existing subnets to the route table that was created (its name contains the word 'inside')
Picture
  • Make sure to add all the subnets you have to the FortiGate static routes, as below
Picture
  • Last step: if you want to access a VM on a specific port such as RDP, you have to add another public IP address to the same FortiGate NIC, which already has one public IP. In my case I needed to access 3 VMs using RDP, so I added another 3 public IP addresses, and once I finished I created a static NAT in FortiGate
Picture
Allow Inbound Traffic:
Let's say I have a jump server and I need to allow outbound port 3389. The first thing I will do is:
  1. Make sure that the subnet has been added to the route table
  2. Then, add a new IP to the first NIC of the firewall, as in the previous screenshot
  3. From FortiGate, configure the policy as per the screenshot below
Picture
Picture
If you want to allow outbound traffic, do the same but from port2 to port1, as per the screenshot below
Picture
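The two routing steps above (associating every existing subnet with the 'inside' route table, and adding every subnet to the FortiGate static routes) are the ones that decide whether a VM's traffic actually passes through the firewall. The check below is an added example, not code from the original post: its sample data is constructed in the shape of `az network vnet subnet list` and `az network route-table show` JSON output, and every name and address, as well as the assumption that the route table carries a default route to the FortiGate inside NIC, is hypothetical.

```python
import ipaddress

# Constructed sample data; every name and address below is hypothetical.
FGT_INSIDE_IP = "10.0.2.4"                       # FortiGate port2 (InsideSubnet NIC)
FGT_SUBNETS = {"OutsideSubnet", "InsideSubnet"}  # firewall's own subnets, not audited
ROUTE_TABLE = {
    "id": "rt-fgt-inside",                       # stands in for the full resource ID
    "routes": [{"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
                "nextHopIpAddress": "10.0.2.4"}],
}
SUBNETS = [
    {"name": "OutsideSubnet", "addressPrefix": "10.0.1.0/24", "routeTable": None},
    {"name": "InsideSubnet", "addressPrefix": "10.0.2.0/24", "routeTable": {"id": "rt-fgt-inside"}},
    {"name": "app", "addressPrefix": "10.0.10.0/24", "routeTable": {"id": "rt-fgt-inside"}},
    {"name": "db", "addressPrefix": "10.0.11.0/24", "routeTable": {"id": "rt-fgt-inside"}},
    {"name": "jump", "addressPrefix": "10.0.12.0/24", "routeTable": None},
]
FGT_STATIC_ROUTES = ["10.0.10.0/23"]             # destinations the FortiGate routes via port2


def audit(subnets, route_table, static_routes, inside_ip, fgt_subnets):
    """Return (subject, problem) pairs for anything that would bypass the firewall."""
    findings = []
    # Assumption: the 'inside' route table sends 0.0.0.0/0 to the FortiGate NIC.
    if not any(r["addressPrefix"] == "0.0.0.0/0"
               and r["nextHopType"] == "VirtualAppliance"
               and r.get("nextHopIpAddress") == inside_ip
               for r in route_table["routes"]):
        findings.append(("route-table", "no default route to the FortiGate inside IP"))
    covered = [ipaddress.ip_network(p) for p in static_routes]
    for s in subnets:
        if s["name"] in fgt_subnets:
            continue
        if (s.get("routeTable") or {}).get("id") != route_table["id"]:
            findings.append((s["name"], "not associated with the inside route table"))
        net = ipaddress.ip_network(s["addressPrefix"])
        if not any(net.subnet_of(c) for c in covered):
            findings.append((s["name"], "no FortiGate static route covers this subnet"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit(SUBNETS, ROUTE_TABLE, FGT_STATIC_ROUTES,
                                  FGT_INSIDE_IP, FGT_SUBNETS):
        print(f"{subject}: {problem}")
```

A subnet that is not associated with the route table follows Azure's default system routes, so its traffic never reaches the FortiGate policies.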
10 Comments
Mostafa agha
6/25/2020 11:17:50 pm

Keep good posts

Rousan
6/28/2020 11:20:18 pm

I will, Thank you :)

Mostafa Elshahat
6/28/2020 11:12:07 pm

Good job, very clear

Rousan
6/28/2020 11:20:46 pm

Thank you my dear :)

Saravanan
7/18/2020 01:40:09 am

Good job, thanks for sharing

Babajide
10/15/2020 03:19:18 pm

Thanks for the post. I need clarification on the last part: how do I protect the VM in Azure using the FortiGate, and how do I route traffic through the FortiGate before it gets to the Azure VM?

Mohammad Al Rousan
10/16/2020 02:43:28 pm


I have amended the article; please review it again and feel free to contact me if you still have any concerns.

Babajide
10/16/2020 02:08:37 pm

Can you please show me how you created the static route in FortiGate and how you were able to RDP into the 3 VMs using the IPs attached to the FortiGate NIC, since they are not attached to the VMs themselves?

Mohammad Al Rousan
10/16/2020 02:46:13 pm

If you want to map one public IP to the 3 VMs, then you have to use Azure Load Balancer (NLB), as there is a limitation in Azure on mapping one public IP to multiple VMs.

Kong Tuck Chee
11/9/2021 01:12:14 pm

Isn't this more costly than Azure VPN Gateway? The Azure VPNGW1 plan is only USD 136.80 per month, while the cheapest FortiGate FW plan is USD 219/month. Correct me if I am wrong. I have never deployed FortiGate in Azure before.


    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure), a Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, and an active community blogger and speaker. Al Rousan has over 8 years of professional experience in IT infrastructure and is very passionate about Microsoft technologies and products.
