Fortinet Forum
veechee
New Contributor

Fortinet on Azure

Has anyone had any experience with deploying a Fortinet firewall VM on Azure in a VNet? I want to extend on-premise firewall policies and protections to an RDS farm deployment in Azure (IaaS, hence VNet).

 

Also, anybody know if Fortinet has a schedule to release FortiManager and/or FortiAnalyzer on Azure?  They are only offered on AWS right now, and I would prefer not to have to add AWS to the mix if I want to roll these out.

3 REPLIES
veechee
New Contributor

I guess nobody has done this yet?

emnoc
Esteemed Contributor III

On the 1st part, yes, we deployed the VM for a demo. On the 2nd part(s): no, I don't recall FTNT and MS ever getting to an agreement for other FTNT products in the Azure cloud solution. We use the real manager appliance with a tunnel from our real DC to the vCloud, and it worked fine, btw.

 

If you need to manage other FGT fws and have an existing manager, then it's just simpler to run the virt-instance across a tunnel back to corp at the real or virtual appliance and be done. No need to install it in a remote cloud unless that's your only datacenter.

 

As far as the Virt-FWAppliance, it worked fine, but we had issues within the memory allocation that support never figured out. Our pass lame SSE team also never completed the POC, so we dropped the whole Azure and FTNT solution and abandoned the case with support, so I can't comment on whether the appliance was the issue or Azure, but as far as my understanding goes, the image in the Azure mktplace is the exact same image as anywhere else, so it should just work.

 

IMHO: I would strike up a license and roll out a POC before getting fully involved.

PCNSE 

NSE 

StrongSwan  

veechee
New Contributor

Thanks emnoc.

 

I want to move everything possible to public cloud, with minimal on premise server(s). But I want to extend the security model that I have across physical offices to what runs in the cloud. This wasn't a huge concern for me when I started with domain controllers and some IT application workloads in Azure IaaS, but now, putting an RDS farm in there, it's a gaping hole in my opinion if the web browsing, etc. is wide open there, while users on local laptops and desktops in offices are behind a UTM firewall.

 

I have no existing FM or FA, so not locked in to any hardware. But as I am looking at the number of sites expanding, these are things I want to look at soon. So I'm not tethered to any hardware at this point, and hence would not pick hardware if public cloud can achieve the same thing. I would just prefer to have all in Azure instead of breaking things up between Azure and AWS if I can avoid it.