FortiGate Azure Discussions & Onboarding Information
HS08
Contributor

VPN Site to Site to Azure

Hello,

 

In the azure market place there are Fortinet firewall, and i have question below:

1. Can we use this Fortinet to connecting our onprem? Our onprem also using Fortinet

2. If we select for 8vCPU, the cost is $1.60. Is this cost include the Fortinet license also or this cost only for VM?

 

Untitled.jpg

5 REPLIES 5
JohnMcdo
Staff
Staff

Hi,

 

Yes you can connect on-prem FortiGate to Azure FortiGate via IPSEC.

 

The $1.60/hr is only for the FortiGate license, Azure VM charges will be additional.  I recommend that you use the Standard F8s_v2 instance type or the D8s_v4 or the D8s_v5.

 

 

HS08

Thanks for your information. Also in the market place there are Fortinet Virtual Machine and Fortinet Azure Application.

If we select Fortinet Azure Application this mean the Fortinet on SaaS platform and no need VM?

 

f2.jpg

JohnMcdo

You'll want to use the Azure Application.

 

It is still a VM, not Saas. The Azure Application utilizes an Azure ARM Template to perform the FortiGate deployment. The ARM template allows for deployment of all the required components and base configuration of the FortiGate VM. The ARM Template deploys a Virtual Network (VNET) and configures the appropriate subnets for the FortiGate or FortiGates if deploying in an HA configuration.

 

The Azure VM option is the standard Azure VM deployment process, no base FortiGate configuration is applied, no VNET is created nor are the options for FortiManager connection or additional FortiGate configuration available.

 

The Azure Virtual Machine tile is mainly made available for the purchase of a Software Reservation. A Software Reservation is a discounted hourly rate for FortiGate licensing.

HS08

Hi @JohnMcdo 

 

So what different between both product in my previous post image?

JoerVan

Hi @HS08,

 

The product behind both listings is the same VM image. The Azure Application will give you the deployment with known architectures ready to go (single vm, Active/Passive, Active/Active). The Virtual Machine is only the virtual machine which you need to configure and deploy in a VM, attach network interfaces, disks, ... It is basically barebones and only available for PAYG. The Azure Application is giving you the options for PAYG as well as BYOL including FortiFlex license options.

 

To get started with an IPSEC tunnel without HA, I would select the Single VM option in the Azure Application.

 

Joeri

Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Top Kudoed Authors