FortiGate
rarora
Staff
Article Id 196397
Description
This article describes how to set up public IP access for a FortiGate VM in Azure.

Solution
Assume that a FortiGate VM has been spun up in Azure.
The FortiGate is configured with two NICs: one is used for LAN and the other for WAN.
The steps below configure it further so that the FortiGate can be accessed using the Azure public IP address.

1) Assign a public IP address to the WAN NIC on Azure.
The Azure WAN NIC will be visible as in the image below:





Navigate to the settings below to enable a public IP address for the NIC.



Azure has now assigned a public IP address to the NIC.

2) Now log in to the FortiGate WebUI to attach the WAN NIC IP to the FortiGate.
Note that the FortiGate WAN interface will be assigned the private IP address by Azure.
The linking (NATing) of this private address to the Azure public IP address is done by Azure.

On the FortiGate, select the WAN interface and set Address -> Address mode -> DHCP.
Wait a few seconds and the FortiGate WAN interface will be assigned the private IP address of the Azure public interface.





Make sure to enable the required administrative access, such as ping and HTTPS/HTTP, for testing on the FortiGate WAN IP.

3) At this point it is still not possible to access the FortiGate WebUI using the public IP.
Check two settings in Azure.

- Make sure that the Azure network security groups (NSGs) are configured to allow the traffic to the NIC.

Refer to the link below to configure an inbound rule on the WAN NIC:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal

- Now the Azure WAN NIC has both a public and a private IP address, and the FortiGate WAN interface is configured with the private IP address.
However, traffic destined to the public IP address of the Azure WAN NIC will still not be routed to the Azure private IP of the WAN NIC.
Enable the 'IP forwarding' feature to do so.

- In the virtual machine's menu bar, select 'Networking'.
- Select the configured WAN NIC.
- In the network interface menu bar, select 'IP configurations'.
- In the IP configurations page, set IP forwarding to Enabled, and select 'Save'.
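
Once the inbound rule from step 3 is in place, the HTTP/HTTPS administrative access enabled in step 2 is reachable from wherever that rule allows. The following is an added example, not part of the original article or Fortinet's own tooling: a check that reports NSG inbound Allow rules exposing ports 80/443 to any source. The rule field names are assumed to match `az network nsg show` output, and the NSG name, rule names and addresses are constructed sample data.

```python
# Constructed sample: the rule fields of `az network nsg show` output for a
# hypothetical NSG on the WAN NIC (rule names and addresses are made up).
SAMPLE_NSG = {"name": "fgt-wan-nsg", "securityRules": [
    {"name": "allow-admin-https", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.10/32", "sourceAddressPrefixes": [],
     "destinationPortRange": "443", "destinationPortRanges": []},
    {"name": "allow-web-any", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": None, "destinationPortRanges": ["80", "400-500"]},
    {"name": "deny-http", "priority": 120, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "80", "destinationPortRanges": []},
]}

ADMIN_PORTS = (80, 443)  # HTTP/HTTPS admin access enabled on the WAN interface
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Azure stores either one value or a list; merge both into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(port_range, port):
    """True if an NSG port expression ('*', '443', '400-500') includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_admin_rules(nsg):
    """Report (name, ports) for any-source inbound Allow rules; precedence is not evaluated."""
    findings = []
    for rule in nsg.get("securityRules", []):
        key = (rule["direction"].lower(), rule["access"].lower())
        if key != ("inbound", "allow") or rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
        ports = [p for p in ADMIN_PORTS if any(_covers(r, p) for r in ranges)]
        if ports and any(s.lower() in OPEN_SOURCES for s in sources):
            findings.append((rule["name"], ports))
    return findings

if __name__ == "__main__":
    print(exposed_admin_rules(SAMPLE_NSG))
```

In the sample, only the rule scoped to a single source address passes; the any-source rule is reported because its port list covers both 80 and 443.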

