Azure's "VWAN" integrates with a number of security partners; Fortinet are one of them. Fortinet offer SD-WAN as a managed application (Network Virtual Appliance) that deploys into an Azure VWAN and talks BGP with the VWAN hub, allowing for exchange of routes between your on-prem, Azure VNets and SD-WAN branch locations. The NVAs (a pair of VMs are deployed) are managed by Fortimanager. To access the NVAs' shell, you must connect using the Fortimanager Web UI. There's no other way to interact with the SD-WAN NVAs...
Along with connecting to the NVA's shell, it's also possible to reboot them and shut them down... And here's my problem....
I shut one of the SD-WAN NVAs down while testing/troubleshooting but I cannot find a way to restart it! I cannot find a "restart" button in Azure for the SD-WAN managed application and when I tried using the "Start-AzVM" PowerShell command I get an error similar to... "Error: The client 'user(at)company.com' with object id 'xxx-xxx-xxx-xxx' has permission to perform action 'xxx.xxx/xxx/xxx' on scope 'xxxx'; however, the access is denied because of the deny assignment with name 'System deny assignment created by managed application"
And that error happens because there is a "Deny assignment" in the permissions (IAM) of the managed resource group associated with the Fortinet SD-WAN "managed application".
So I can deploy SD-WAN and integrate with Azure VWAN, but if the VM is stopped, I have no way of restarting it (I also tried "Reset Hub" in Azure VWAN Virtual Hub).
Does anyone have any ideas?
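The deny assignment described in the post above can be inspected directly to see which actions it blocks and which principals it excludes. This is an added example, not part of the original thread and not Fortinet or Microsoft code; the resource group name and action string are parameters you supply (take the action from your own error message), `Test-ActionMatch` is a hypothetical helper, and the output property names are those returned by the Az.Resources module (confirm with `Get-Member` on your installed version).

```powershell
# Added example: list the deny assignments on a managed resource group and
# report whether a given control-plane action is blocked by each one.
# Requires Az.Accounts and Az.Resources and a signed-in session (Connect-AzAccount).
param(
    [Parameter(Mandatory)] [string] $ManagedResourceGroupName,  # the managed application's resource group
    [Parameter(Mandatory)] [string] $Action                     # action string quoted in the access-denied error
)

# Hypothetical helper: true if $Action matches any pattern.
# Azure action patterns use '*' as a wildcard; -like is case-insensitive.
function Test-ActionMatch {
    param([string] $Action, [string[]] $Patterns)
    foreach ($pattern in $Patterns) {
        if ($Action -like $pattern) { return $true }
    }
    return $false
}

$rg = Get-AzResourceGroup -Name $ManagedResourceGroupName -ErrorAction Stop
$assignments = Get-AzDenyAssignment -Scope $rg.ResourceId

if (-not $assignments) {
    Write-Output "No deny assignments visible at scope $($rg.ResourceId)."
    return
}

foreach ($da in $assignments) {
    # An action is denied when it matches Actions and is not carved out by NotActions.
    $inActions    = Test-ActionMatch -Action $Action -Patterns $da.Actions
    $inNotActions = Test-ActionMatch -Action $Action -Patterns $da.NotActions

    [pscustomobject]@{
        Name               = $da.DenyAssignmentName
        Scope              = $da.Scope
        IsSystemProtected  = $da.IsSystemProtected
        ActionDenied       = ($inActions -and -not $inNotActions)
        Actions            = $da.Actions -join ', '
        NotActions         = $da.NotActions -join ', '
        # Principals listed here are exempt from the deny assignment
        # (for managed applications, typically the publisher's identities).
        ExcludedPrincipals = ($da.ExcludePrincipals | ForEach-Object { $_.DisplayName }) -join ', '
    } | Format-List
}
```

If `ActionDenied` is true and your identity is not among the excluded principals, role assignments in your own tenant cannot override the block; system-protected deny assignments created by a managed application cannot be edited or removed by the customer.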
User should be able to restart the NVA from the Azure portal now.
Azure Virtual WAN: Restart a Network Virtual Appliance (NVA) in the hub | Microsoft Learn
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Hello,
Could you please have a look at this document and tell me if it is helping?:
https://azure.microsoft.com/fr-fr/blog/networking-needs-simplified-with-azure-virtual-wan/
Regards,
Hi Antony,
I've spoken to Azure and Fortigate support who have confirmed that it is not currently possible for a customer to restart a failed NVA deployed as a Managed Application in Azure VWAN. A ticket needs to be raised with Azure support who will then contact their engineering team "who should" be able to restart it.
I certainly couldn't recommend deploying this Fortinet product to customers with this known limitation.
Thanks for your help
wow - that's really something :)
Hello,
Thank you for your feedback.
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.