Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Huxleyarelq
New Contributor

Created on ‎08-20-2024 09:01 PM

Azure VMs behind FortiClient

I have azure networking backend hosting azure subnet with my DC and computers subnet x.x.x.x/16 and then I have another subnet in azure hosting my fortigate VM y.y.y.y/22. On my fortigate VM I have the local LAN z.z.z.z/26. I have configured the fortigate with FortiClient and would like the DC and computers in Azure to only be reachable through connecting to the FortiClient.  

Labels:
817
0 Kudos
5 REPLIES 5
Stephen_G
Moderator
Moderator

Created on ‎08-23-2024 07:53 AM

Hello Huxleyarelq,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Stephen - Fortinet Community Team
755
0 Kudos
Stephen_G
Moderator
Moderator

Created on ‎08-28-2024 04:16 AM

Hi Huxleyarelq,


We are still trying to get you an answer or help. We will respond to you as soon as possible.

 

Kind regards,

Stephen - Fortinet Community Team
695
0 Kudos
Stephen_G
Moderator
Moderator

Created on ‎08-30-2024 05:35 AM

Hi Huxleyarelq,

 

I apologise for the delays on our end. While I talk to more of our team members: @AEK , is this an area you're familiar with?

 

Kind regards,

Stephen - Fortinet Community Team
683
AEK
SuperUser
SuperUser

Created on ‎09-01-2024 09:46 AM

Hi @Huxleyarelq 

  • Can your FortiGate reach your Azure DC x.x.x.x/16
  • Is this DC subnet x.x.x.x/16 public IP? Is it reachable from any host from the Internet?
  • Is the subnet x.x.x.x/16 behind some firewall?
AEK
AEK
641
vbandha
Staff
Staff

Created on ‎09-01-2024 10:03 AM

Hi @Huxleyarelq 

Is the access to Azure subnet with DC and computers  (x.x.x.x/16) being controlled by fortigate?
If the traffic can go directly to this subnet without passing through fortigate, then fortigate can't restrict the access.

If the traffic has to go through fortigate to reach these subnets then you can create a firewall policy rule to limit access to these subnets.

You would create a policy from VPN to this subnet.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/656084/firewall-policy


From your description, it seems that the x.x.x.x/16 is not behind fortigate so you may need to configure appropriate routing on azure so the access to this subnet passes through fortigate.

635
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.