Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
As I haired from a few customers that Azure firewall is a little bit expensive! and some of them they don't have a budget for test/dev environment,as it cost (approximately $100 monthly, per appliance). This price gets compounded if you need to deploy multiple Azure Firewall appliances per regional VNet
In this post we will explain how to deploy FortiGate NGFW for Azure, you can deploy the FortiGate for Azure as a virtual appliance in Azure cloud (infrastructure as a service)
As I haired from a few customers that Azure firewall is a little bit expensive! and some of them they don't have a budget for test/dev environment,as it cost (approximately $100 monthly, per appliance). This price gets compounded if you need to deploy multiple Azure Firewall appliances per regional VNet
In this post we will explain how to deploy FortiGate NGFW for Azure, you can deploy the FortiGate for Azure as a virtual appliance in Azure cloud (infrastructure as a service)
This section shows you how to install and configure a single instance FortiGate-VM in Azure to provide a full NGFW/unified threat management (UTM) security solution in front of Azure IaaS resources
Deployment
Current Environment:
I have around 15 VMs, connected to the same VNet which it has around 12 Subnets
I created another two subsets for FortiGate VM as i will explain later
Deployment
Current Environment:
I have around 15 VMs, connected to the same VNet which it has around 12 Subnets
I created another two subsets for FortiGate VM as i will explain later
- Login to Azure Portal and click on Add resources, from marketplace search for FortiGate
- Select FortiGate next-generation firewall - Single VM
- Click Create
- You can see Plans in our case we will deploy the cheapest option (DS1v2)
- Fill the configuration part
- in my case as i don't have the license i selected in PAYG/BYOL License: PAYG 6.2.3, in case you have the license select BYOL
- Click Next, to fill network part
- Here if you can I selected: outsideSubnet which it will have public IP, and InsideSubnet which I will use it to configure the route between existing VMs
- In VM size I choosed (DS1 V2)
- Next select the Public IP Address which it will be attached to Nic0 which is connected to externalSubnet
- Once you finish click Create
- It will take up-to 5 minutes to be created
- You can verify test the appliance now, just copy the public IP address to your browser, https://90.13.125.24
- Before start configuring the rules on the firewall is to add all the existing subnet to the route table which is created "contains the word 'inside'"
- Last step, if you want access the VM using a specific port such as RDP, you have to add another public ip address to same FortiGate NIC which is already have a one public IP before, in my case I need to access 3 VMs using RDP so I added another 3 Public IP address, and once i finished i create a static NAT in FortiGate
Finally, after applying the last step all VMs will not be able to communicate between each other, so you have to create a rule on the firewall to allow the traffic (any-any) between for address-space and another rule for DMZ to block all traffic for both inbound and outbound
RSS Feed
