The following snippet summarizes the Azure vWAN NGFW with routing intent architecture and deployment. To view the complete guide, go to Azure vWAN NGFW Deployment Guide.
Azure vWAN NGFW with Routing Intent
Microsoft Azure supports virtual WAN (vWAN), and partners with third-party solution providers, such as Fortinet, to deploy network virtual appliances (NVAs) to a vWAN hub.
This deployment guide provides a brief overview of Microsoft Azure vWAN and how Fortinet FortiGate virtual machines can be used as NVAs in a vWAN hub. In this topology, FortiGate NVA instances in the vWAN help provide routing capabilities between Azure VNETs and provide security using FortiGate’s NGFW features.
Following is an example of a fully deployed vWAN architecture, with FortiGate NVA instances as the central vWAN hub:
Deployment procedures
Deployment requires the following steps:
1. Use Azure Marketplace and FortiManager to create a vWAN, vWAN hub, and deploy FortiGate NVAs to the vWAN hub. See Deploying vWAN on Azure.
This step sets up the vWAN and FortiGate NVAs in the vWAN hub and adds a license to the FortiGate NVAs. The FortiGate NVAs will be the hub in our SD-WAN configuration.
This document does not describe how to deploy the FortiGate devices (either cloud or on-premise) that will be used for the branch devices (or spokes) in the SD-WAN network. See Prerequisites for SD-WAN configuration.
2. Use FortiManager to configure SD-WAN on the deployed FortiGate NVAs (the hub) and deployed branch FortiGates (the spokes). See Configuring SD-WAN on FortiManager .
This step adds the SD-WAN overlay of IPsec tunnels and BGP peering between the FortiGate NVA and the branch FortiGates. This configuration is sometimes called SD-WAN on-ramp.
For more information, go to Azure vWAN NGFW Deployment Guide.
