Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

New Contributor

Troubleshooting FortiGate in Azure

Any tips or suggestions for troubleshooting FortiGate within Azure?

I have a newly deployed FortiGate, which I think is following a fairly typical model for an NVA (network virtual appliance) deployment.

I've created several subnets within the same VNet all with their own UBR (routing tables). The routing tables for these subnets for the most part look the same. They all currently for build out purposes point at each firewall zone to the virtual network. They all have a route pointed at the private interface address of the FortiGate NVA.

I followed this guide for setting up hide NAT on the FortiGate;

To test, I created a jumpbox using an external IP Address. I think remote into the jumpbox and then hop over to a host that is not assigned a public external IP address.

The routing table of the host looks like this;

dcesrvadmin@EUSDB01:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface UG 0 0 0 eth0
168.63.12#.16 UGH 0 0 0 eth0
169.254.16#.254 UGH 0 0 0 eth0 U 0 0 0 eth0

The host is a brand new Ubuntu deployment with no customer customization's performed. I see the host has a default route pointing to it's associated subnet. My understanding (could be wrong?) is that traffic from the EUSDB01 machine should hit the gateway (the UBR for that subnet) and be directed to the FortiGate.

The FortiGate right now only has the rules associated with the hide NAT article in it and some objects created to support the implementation of it.

When I try and create traffic from the EUSDB01 machine I don't get out to the Internet and I do not see any sessions logged on the FortiGate.

Is there something I'm obviously doing wrong or tips on how to further troubleshoot in the cloud environment?