The following snippet summarizes the Azure vWAN SD-WAN with routing intent architecture and deployment. To view the complete guide, go to Azure vWAN SD-WAN NGFW Deployment Guide.
Azure vWAN SD-WAN with Routing Intent
Microsoft Azure supports virtual WAN (vWAN) and partners with third-party solution providers, such as Fortinet, to deploy network virtual appliances (NVAs) to a vWAN hub.
This deployment guide provides a brief overview of Microsoft Azure vWAN and how Fortinet FortiGate virtual machines can be used as NVAs in a vWAN hub. It also describes how to deploy Microsoft Azure vWAN and FortiGate NVAs and how to use FortiManager to configure an SD-WAN hub and spoke overlay between the FortiGate NVAs and branch FortiGates. The FortiGate NVAs are the hub, and the branch FortiGate(s) are the spokes in the SD-WAN network.
Following is an example of a fully deployed vWAN architecture, with FortiGate NVA instances as the central vWAN hub, and spoke FortiGates connecting to the vWAN for access to protected resources:
Deployment procedures
Deployment requires the following steps:
1. Use Azure Marketplace and FortiManager to create a vWAN and a vWAN hub, and to deploy FortiGate NVAs to the vWAN hub. See Deploying vWAN on Azure.
This step sets up the vWAN and FortiGate NVAs in the vWAN hub and adds a license to the FortiGate NVAs. The FortiGate NVAs will be the hub in our SD-WAN configuration.
This document does not describe how to deploy the FortiGate devices (either cloud or on-premises) that will be used as the branch devices (or spokes) in the SD-WAN network. See Prerequisites for SD-WAN configuration.
2. Use FortiManager to configure SD-WAN on the deployed FortiGate NVAs (the hub) and deployed branch FortiGates (the spokes). See Configuring SD-WAN on FortiManager.
This step adds the SD-WAN overlay of IPsec tunnels and BGP peering between the FortiGate NVA and the branch FortiGates. This configuration is sometimes called SD-WAN on-ramp.
For more information, go to Azure vWAN SD-WAN NGFW Deployment Guide.