I am having a hard time figuring out exactley what the Azure vWAN is all about ? I DO get the vWAN itself, njust not the Fortigate part of it.
After creating a vWAN and a hub, you get the option to add on a virtual appliance - fortinet is one of the choices here. But when you cliock it - it brings you here:
https://www.fortinet.com/blog/business-and-technology/fortigate-vm-first-ngfw-and-secure-sd-wan-inte...
Looking at the url, you get the idea that you can put in a Fortigate scale set in the virtual wan hub. But, I am unable to find any way of actually doing this..
Looking for help, I find this:
With this statement: "..The FortiGate Next Generation Firewall (NGFW) can be deployed in security hub VNets connected to an Azure Virtual Hub to inspect all traffic.." .. Thats a very creative way of putting it.
Looking at the link, it looks like we have to create a dedicated vnet, and then put the fortigate there...add some udr's and you are good.. But still - is this not very misleading from Fortinet ? ... I cant se any way of actually putting a Fortigate in the hub itself ?
Anyone tried to navigate trough this....stuff.. :)
I'm going off of
Which seems to imply it's in the hub, but preview. I reached out to the e-mail address added in the screenshot to see. Did you progress any on this?
I am trying the platform firewall as a securehub, have some dev workloads running on it and just sitting pretty much idle i'm forcasted to be at 1700.00 for the month just for the Azure firewall premium piece. I'm not looking at other options as I didn't like the NVA hacks of the traditional hub/spoke design. Whatever alternative needs to be IN THE HUB. Documentation seems very sparse on it.
Hi,
I currently deploy HA Active/Passive FGT's with Azure in 4 different regions the regions are connected via a VWAN network of 5 hubs.
just for the firewall deploment you create a single vnet with 4 subnets
outside
inside
HA
Mgmt
a load balancer is required on the inside interface and the outside interface.
this works fairly well and I have SSL VPN with Azure SAML auth running using global traffic manager to push users to their local region and provide failover in the case of an outage on one of the hubs
This is not "integrated" with the hub and uses UDR tables and Custom tables on the hub to redirect traffic to the FGT's
I think what is referenced above is still in preview as you cannot select the Fortinet NVA from the portal. it just takes you to the blog posts above.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.