Cybersecurity Forum


LeifHard
New Contributor

Troubleshooting FortiGate in Azure

Any tips or suggestions for troubleshooting FortiGate within Azure?

I have a newly deployed FortiGate, which I think is following a fairly typical model for an NVA (network virtual appliance) deployment.

I've created several subnets within the same VNet all with their own UBR (routing tables). The routing tables for these subnets for the most part look the same. They all currently for build out purposes point at each firewall zone to the virtual network. They all have a 0.0.0.0/0 route pointed at the private interface address of the FortiGate NVA.

I followed this guide for setting up hide NAT on the FortiGate:

http://cookbook.fortinet.com/installing-fortigate-nat-route-mode/

To test, I created a jumpbox using an external IP address. I then remote into the jumpbox and then hop over to a host that is not assigned a public external IP address.

The routing table of the host looks like this:

dcesrvadmin@EUSDB01:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.20.3.1 0.0.0.0 UG 0 0 0 eth0
168.63.12#.16 172.20.3.1 255.255.255.255 UGH 0 0 0 eth0
169.254.16#.254 172.20.3.1 255.255.255.255 UGH 0 0 0 eth0
172.20.3.0 0.0.0.0 255.255.255.128 U 0 0 0 eth0
dcesrvadmin@EUSDB01:~$

The host is a brand new Ubuntu deployment with no customer customizations performed. I see the host has a default route pointing to its associated subnet. My understanding (could be wrong?) is that traffic from the EUSDB01 machine should hit the 172.20.3.1 gateway (the UBR for that subnet) and be directed to the FortiGate.

The FortiGate right now only has the rules associated with the hide NAT article in it and some objects created to support the implementation of it.

When I try and create traffic from the EUSDB01 machine I don't get out to the Internet and I do not see any sessions logged on the FortiGate.

Is there something I'm obviously doing wrong or tips on how to further troubleshoot in the cloud environment?
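A check for the routing half of this setup, added here as example code (not from the original post or from Fortinet): it takes the effective-route JSON that `az network nic show-effective-route-table --output json` prints for the VM's NIC (schema assumed from the CLI's output; the sample and the 172.20.1.4 NVA address are constructed) and confirms that Internet-bound traffic from that NIC is matched by the 0.0.0.0/0 UDR toward the FortiGate's private IP rather than by a platform default route.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nic show-effective-route-table`
# output (assumed schema: addressPrefix and nextHopIpAddress are lists).
SAMPLE_EFFECTIVE_ROUTES = json.loads("""
{"value": [
 {"source": "Default", "state": "Active", "addressPrefix": ["172.20.0.0/16"],
  "nextHopType": "VnetLocal", "nextHopIpAddress": []},
 {"source": "Default", "state": "Invalid", "addressPrefix": ["0.0.0.0/0"],
  "nextHopType": "Internet", "nextHopIpAddress": []},
 {"source": "User", "state": "Active", "addressPrefix": ["0.0.0.0/0"],
  "nextHopType": "VirtualAppliance", "nextHopIpAddress": ["172.20.1.4"]}
]}
""")


def effective_next_hop(routes, destination):
    """Longest-prefix match over the Active effective routes for one destination.

    Returns (matched_prefix, next_hop_type, next_hop_ip) or None when nothing
    matches. Routes that a UDR has overridden are reported as Invalid by Azure
    and are skipped here.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for route in routes["value"]:
        if route.get("state") != "Active":
            continue
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                hops = route.get("nextHopIpAddress") or []
                best = (net, route["nextHopType"], hops[0] if hops else None)
    return None if best is None else (str(best[0]), best[1], best[2])


def check_default_via_nva(routes, nva_ip, probe="8.8.8.8"):
    """True when traffic to an Internet address is steered to the NVA's private IP."""
    match = effective_next_hop(routes, probe)
    return (match is not None
            and match[1] == "VirtualAppliance"
            and match[2] == nva_ip)


if __name__ == "__main__":
    print(effective_next_hop(SAMPLE_EFFECTIVE_ROUTES, "8.8.8.8"))
    print(check_default_via_nva(SAMPLE_EFFECTIVE_ROUTES, "172.20.1.4"))
```

Run it against the real NIC's output by replacing the constructed JSON with the CLI's; a VnetLocal or Internet match for the probe address means the UDR is not applied to the subnet the NIC sits in.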

0 REPLIES 0