Blogs
ElysseMiller
Staff
Staff

Last year we launched a network security solution in the Azure Marketplace that protects both east-west and north-south traffic as it passes through Azure Virtual WAN (vWAN). This security is provided through FortiGate VM, in the form of a managed Network Virtual Appliance (NVA)

 

There are multiple use cases supported with our offering. This includes a secure SD-WAN, SD-WAN with next-generation firewall (NGFW), and solely NGFW with layer 4-7 inspection.

 

The integration of FortiGate VM with Secure SD-WAN and Azure vWAN allows users to more effectively interconnect with applications and workloads running in Azure with the rest of their hybrid and multi-cloud deployments. The result is an even simpler, further automated, and operationally efficient cloud on-ramp and SD-WAN experience and the ability to apply NGFW policies to vWAN traffic.

 

Now, we have released an extension of this offering to include internet-inbound traffic, also known as Destination NAT. We are one of the few cybersecurity companies who provide this capability. This ability allows admins to push applications to end users on the internet through a public IP address assigned to the NVA. Thus, there is no direct exposure to the server public IP or the application itself. Configuration is done on the NVA for filtering traffic and controlling the application’s access. Azure vWAN customers can use NVA orchestration software to configure the NVA and the vWAN infrastructure, specifically the front-end external load balancer, to both forward and accept inbound traffic.

2 Comments
Krzysztof365
New Contributor

@ElysseMiller 

 

Is this feature GA in Azure?

 

If I already have a vWAN integrated NVA how can this feature be enabled without redeployment or any change of existing FortiGate NVA Public IP's?

Srija_RedA
Staff
Staff

@Krzysztof365 

 

Hello, 

 

Is this feature GA in Azure? 

Yes this feature is in Public Preview in Azure. 

 

If I already have a vWAN integrated NVA how can this feature be enabled without redeployment or any change of existing FortiGate NVA Public IP's?

if you already have vWAN integrated NVA and want to enable Internet inbound/DNAT -->  unfortunately it's a new deployment of NVA's. you can back up and restore the config but the Public IP's will change.