Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

VikrGogt
Staff
Staff

Created on ‎04-21-2017 11:52 AM

Deploying Fortigate Azure Image in GovCloud

1 –  Download the Generalized Image

You can download the image from here:

https://debyolimages.blob.core.windows.net/byolimages/fos-b5776.vhd 

 

2 - Copy that image to your storage account.  

Using Azure CLI 1 here are the commands I used (for the Azure German cloud - I don't have access to GovCloud):

azure storage account keys list --resource-group

 

From that command, you should obtain a key that you can use in the following command:

azure storage blob upload --blobtype page --account-name --account-key --container images "c:\Users\\Downloads\foos-b5776.vhd"

 

3- Deploy the image to a VM.

 The following template should work for this.  I can't test in GovCloud, but I think I made all the necessary changes to get it to work.   

 

https://raw.githubusercontent.com/fortinetclouddev/FortigateAzureTemplate/5.3.5GovCloudLocalImage/ma...

 

Generally deploy these from within the portal (Click +New to create a resource and search for "Template deployment")  If you have that option, here are the full instructions:

 

·         Access the Azure portal and sign in with an Azure account that has administrative privileges.

·         In the left navigation pane, select (+) New

·         In the "search the marketplace" field, enter "template"

·         Select "Template deployment"

·         In the "Results" section returned, select "Template deployment"

·         Select "Create"

 

You will now be in the "Deploy from a custom template" section :

 

·         Select "Edit"

·         Copy the contents of the maintemplate JSON file (ALL 300+ lines of code)

·         Paste this content into the "Edit template" section, *replacing* the content that is already there (6 lines of code)

·         Select "Save"

·         Now complete the parameters (which are environment specific variables)

 

Once you have entered and completed the information required :

 

·         Select "I agree to the terms and conditions stated above"

·         Select "Purchase"

 

If, you can't use that option due to the same marketplace restrictions, you could deploy from CLI or Powershell:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-deploy-cli

Labels:
340
0 Kudos
3 REPLIES 3
MartTwom
Staff
Staff

Created on ‎05-11-2017 09:46 AM

The above process is only necessary for those customers who don't have access to the Azure Marketplace (The Azure Marketplace is optional in GovCloud).  If Azure Marketplace is available, a template which references the marketplace image can be used. 

To do so, use the "Template deployment" option from the marketplace, like so:

  1. Access the Azure portal and sign in with an Azure account that has administrative privileges.
  2. In the left navigation pane, select (+) New
  3. In the "search the marketplace" enter "template"
  4. Select "Template deployment"
  5. In the "Results" section returned, select "Template deployment"
  6. Select "Create"

 You will now be in the "Deploy from a custom template" section :

  1. Select "Edit"
  2. Go to the template here: https://raw.githubusercontent.com/fortinetsolutions/Azure-Templates/master/GovCloud%20Templates/Fort...(Or for HA - https://raw.githubusercontent.com/fortinetsolutions/Azure-Templates/master/GovCloud%20Templates/For...
  3. Copy the contents of this JSON file (ALL 300+ lines of code)
  4. Paste this content into the "Edit template" section, replacing the content that is already there (6 lines of code)
  5. Select "Save"
  6. Now complete the parameters (which are environment and deployment specific variables)

Once you have entered and completed the information required:

  1. Select "I agree to the terms and conditions stated above"
  2. Select "Pin to dashboard"
  3. Select "Purchase"
326
0 Kudos
bgetz_FTNT
Staff
Staff
In response to MartTwom

Created on ‎04-24-2018 10:52 AM

Hello,

Has there been an update for the links to reflect 5.6.3?

I worked with Michael to get the updated VHDS

Here you are (FortiGate-VM v5.6.3):

 http://ftnt.blob.core.windows.net/vhds/fos-b1547-byol.vhd

http://ftnt.blob.core.windows.net/vhds/fos-b1547-payg.vhd

But when I start going through the .json file I'm seeing some references that I'm wondering if I need to update

For example,

 "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"

"https://raw.githubusercontent.com/fortinetclouddev/FortigateAzureTemplate/5.3.5GovCloudLocalImage"

I did try combinations of 5.6 and 5.6.3 but had no luck

Situation:

I'm dealing with the government agency for whom the regulating cloud body has shut off all access to the marketplace. They have a license for a VM04 and the regular github templates (VM04) do not seem to work for them.

Any assistance is greatly appreciated.

Blair

326
0 Kudos
MartTwom
Staff
Staff
In response to bgetz_FTNT

Created on ‎04-24-2018 12:31 PM

Hi Blair,

If you are referencing a local image, then you will need to verify the path is set correctly. The assumption being made is that there’s an “images” blob in the specified storage account which hosts the image chosen in the parameters definition.

The section you may need to change to fit your deployment is under the image reference:

"storageProfile": {
"osDisk": {
"name": "[concat(variables('compute_VM_fg1_Name'),'-osDisk')]",
"caching": "ReadWrite",
"createOption": "FromImage",
"image": {
"uri": "[concat('http://',parameters('StorageAccountName'),'.blob.core.usgovcloudapi.net/images/',parameters('imagena... http://',parameters('storageaccountname'),'.blob.core.usgovcloudapi.net/images/',parameters('imagena... ]"
},

Regards,

Martin Twombly
Principal Cloud Architect
M: +1.541.622.2097

On Apr 24, 2018, at 1:51 PM, Blair Getz via Cloud Security: >">mailto:cloudsecurity@lists.fusecommunity.fortinet.com>> wrote:


Hello,

Has there been an update for the links to reflect 5.6.3?

I worked with Michael to get the updated VHDS

Here you are (FortiGate-VM v5.6.3):

http://ftnt.blob.core.windows.net/vhds/fos-b1547-byol.vhd

http://ftnt.blob.core.windows.net/vhds/fos-b1547-payg.vhd

But when I start going through the .json file I'm seeing some references that I'm wondering if I need to update

For example,

"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"

"https://raw.githubusercontent.com/fortinetclouddev/FortigateAzureTemplate/5.3.5GovCloudLocalImage"

I did try combinations of 5.6 and 5.6.3 but had no luck

Situation:

I'm dealing with the government agency for whom the regulating cloud body has shut off all access to the marketplace. They have a license for a VM04 and the regular github templates (VM04) do not seem to work for them.

Any assistance is greatly appreciated.

Blair

-----End Original Message-----



*** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***
326
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.