vincenei666
New Contributor

Fortigate, Azure vWAN

I am having a hard time figuring out exactly what the Azure vWAN is all about? I DO get the vWAN itself, just not the Fortigate part of it.

After creating a vWAN and a hub, you get the option to add on a virtual appliance - Fortinet is one of the choices here. But when you click it, it brings you here:
https://www.fortinet.com/blog/business-and-technology/fortigate-vm-first-ngfw-and-secure-sd-wan-inte...

Looking at the URL, you get the idea that you can put in a Fortigate scale set in the virtual WAN hub. But I am unable to find any way of actually doing this.

Looking for help, I find this:

https://www.fortinet.com/blog/business-and-technology/fortinet-secure-sd-wan-enhances-azure-virtual-...

With this statement: "..The FortiGate Next Generation Firewall (NGFW) can be deployed in security hub VNets connected to an Azure Virtual Hub to inspect all traffic.." .. That's a very creative way of putting it.

Looking at the link, it looks like we have to create a dedicated vnet, and then put the Fortigate there... add some UDRs and you are good. But still - is this not very misleading from Fortinet? ... I can't see any way of actually putting a Fortigate in the hub itself?

Anyone tried to navigate through this....stuff.. :)

2 REPLIES
jugganutz
New Contributor

I'm going off of 

[Screenshot: jugganutz_0-1645117920956.png]

Which seems to imply it's in the hub, but preview. I reached out to the e-mail address added in the screenshot to see. Did you progress any on this?

I am trying the platform firewall as a securehub, have some dev workloads running on it, and just sitting pretty much idle I'm forecasted to be at 1700.00 for the month just for the Azure firewall premium piece. I'm not looking at other options as I didn't like the NVA hacks of the traditional hub/spoke design. Whatever alternative needs to be IN THE HUB. Documentation seems very sparse on it.

dragon8_uk

Hi,

I currently deploy HA Active/Passive FGTs with Azure in 4 different regions; the regions are connected via a VWAN network of 5 hubs.

Just for the firewall deployment you create a single vnet with 4 subnets:

outside
inside
HA
Mgmt

A load balancer is required on the inside interface and the outside interface.

This works fairly well and I have SSL VPN with Azure SAML auth running, using global traffic manager to push users to their local region and provide failover in the case of an outage on one of the hubs.

This is not "integrated" with the hub and uses UDR tables and Custom tables on the hub to redirect traffic to the FGTs.

I think what is referenced above is still in preview, as you cannot select the Fortinet NVA from the portal. It just takes you to the blog posts above.
