AzureBloke

How to restart Fortinet SD-WAN when deployed as NVAs in Azure VWAN (as Managed application)

Azure's "VWAN" integrates with a number of security partners; Fortinet are one of them. Fortinet offer SD-WAN as a managed application (Network Virtual Appliance) that deploys into an Azure VWAN and talks BGP with the VWAN hub, allowing for exchange of routes between your on-prem, Azure VNets and SD-WAN branch locations. The NVAs (a pair of VMs are deployed) are managed by FortiManager. To access the NVAs' shell, you must connect using the FortiManager Web UI. There's no other way to interact with the SD-WAN NVAs...

Along with connecting to the NVA's shell, it's also possible to reboot them and shut them down... And here's my problem....

I shut one of the SD-WAN NVAs down while testing/troubleshooting but I cannot find a way to restart it! I cannot find a "restart" button in Azure for the SD-WAN managed application, and when I tried using the "Start-AzVM" PowerShell command I get an error similar to... "Error: The client 'user(at)company.com' with object id 'xxx-xxx-xxx-xxx' has permission to perform action 'xxx.xxx/xxx/xxx' on scope 'xxxx'; however, the access is denied because of the deny assignment with name 'System deny assignment created by managed application'"

And that error happens because there is a "Deny assignment" in the permissions (IAM) of the managed resource group associated with the Fortinet SD-WAN "managed application".

So I can deploy SD-WAN and integrate with Azure VWAN, but if the VM is stopped, I have no way of restarting it (I also tried "Reset Hub" in Azure VWAN Virtual Hub).

Does anyone have any ideas?
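
The deny-assignment behaviour described in the post above, as an added example that is not part of the original thread: it evaluates whether a deny assignment blocks a given action for a caller. The sample assignment, the object ids and the choice of `Microsoft.Compute/virtualMachines/start/action` as the action behind `Start-AzVM` are assumptions; live data would come from `Get-AzDenyAssignment`.

```powershell
# Added example; the deny assignment below is constructed sample data that
# mirrors the shape of Get-AzDenyAssignment output (Az.Resources module).
$AllPrincipals = '00000000-0000-0000-0000-000000000000'  # Azure's "all principals" id

function Test-ActionPattern {
    param([string]$Action, [string[]]$Pattern)
    # Azure action patterns use '*' wildcards and are case-insensitive, as is -like.
    foreach ($p in $Pattern) { if ($Action -like $p) { return $true } }
    return $false
}

function Get-BlockingDenyAssignment {
    param(
        [Parameter(Mandatory)][object[]]$DenyAssignment,
        [Parameter(Mandatory)][string]$Action,
        [Parameter(Mandatory)][string]$PrincipalId
    )
    foreach ($da in $DenyAssignment) {
        $targets  = @($da.Principals.ObjectId)
        $excluded = @($da.ExcludePrincipals.ObjectId)
        $applies  = ($targets -contains $AllPrincipals) -or ($targets -contains $PrincipalId)
        if (-not $applies -or ($excluded -contains $PrincipalId)) { continue }
        # Denied when the action matches Actions and is not carved out by NotActions.
        if ((Test-ActionPattern $Action $da.Actions) -and
            -not (Test-ActionPattern $Action $da.NotActions)) {
            $da   # emit the assignment that blocks the call
        }
    }
}

# Constructed sample; on a real subscription use:
#   Get-AzDenyAssignment -ResourceGroupName '<managed-resource-group>'
$sample = [pscustomobject]@{
    DenyAssignmentName = 'System deny assignment created by managed application'
    Actions            = @('*')
    NotActions         = @('*/read')
    Principals         = @([pscustomobject]@{ ObjectId = $AllPrincipals })
    ExcludePrincipals  = @([pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111' })
}
$me = '22222222-2222-2222-2222-222222222222'   # constructed caller object id

foreach ($action in 'Microsoft.Compute/virtualMachines/start/action',
                    'Microsoft.Compute/virtualMachines/read') {
    $hit = @(Get-BlockingDenyAssignment -DenyAssignment $sample -Action $action -PrincipalId $me)
    '{0,-50} {1}' -f $action, $(if ($hit.Count) { 'DENIED' } else { 'not denied' })
}
```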

Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

Could you please have a look at this document and tell me if it is helping?:

 

https://azure.microsoft.com/fr-fr/blog/networking-needs-simplified-with-azure-virtual-wan/

 

Regards,

Anthony-Fortinet Community Team.
AzureBloke

Hi Anthony,

 

I've spoken to Azure and FortiGate support, who have confirmed that it is not currently possible for a customer to restart a failed NVA deployed as a Managed Application in Azure VWAN. A ticket needs to be raised with Azure support, who will then contact their engineering team "who should" be able to restart it.

 

I certainly couldn't recommend deploying this Fortinet product to customers with this known limitation.

 

Thanks for your help

vinceneil666-01

wow - that's really something :) 

Anthony_E
Community Manager

Hello,

 

Thank you for your feedback.

 

Regards,

Anthony-Fortinet Community Team.