PSA for FortiGate VMs in Azure crashing or going offline after updating configuration
I built a FortiGate VM04 6.4.6 in Azure and ran into this nifty little bug that I wanted to document because I couldn't find anything on it. The configuration was all set in place and ready to go and we had just finished adding the last additional interfaces for HA and Management when I updated the static route for the LAN and lost connectivity to the device. I connected in through Azure's Console and saw that the configuration had taken, but I couldn't ping anything and the device said all interfaces were down. A reboot let me back in and the config had stuck. I assumed it was a bad VM and rebuilt it, pushed the old config and then added an address object. The VM went down again. Rebuilt the VM, added another address object, VM went down.
After rebuilding the device another time using 6.4.5 and going into the events and debugging with Fortinet, we identified that DHCP was enabled on the HA and Management ports, which was not recommended. The technician then noticed that the route created after any configuration change would pull Azure's DHCP and default gateway, overriding ours somehow and booting us out. I'm not sure why all the interfaces would also fail but after setting the HA and MGMT ports to static, the issue did not appear.
Factory resetting an Azure FortiGate will create DHCP interfaces. Creating new interfaces may sometimes create DHCP interfaces (wasn't able to recreate). While it's recommended to use DHCP for VMs in Azure, do not use DHCP for FortiGate VMs.
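
One way to check a configuration backup for the condition described in this post, as an added example that is not part of the original post or any Fortinet tooling: it scans the `config system interface` section and lists every port with `set mode dhcp`. The sample config, port names and addresses are constructed for illustration.

```python
import re

# Constructed sample in the style of a FortiOS config backup (names/IPs invented).
SAMPLE_CONFIG = '''\
config system interface
    edit "port1"
        set ip 10.0.1.4 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port3"
        set vdom "root"
        set mode dhcp
    next
    edit "port4"
        set mode dhcp
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
'''

def dhcp_interfaces(config_text):
    """Return names of interfaces under `config system interface` in DHCP mode."""
    found, in_section, depth, current = [], False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if in_section:
                depth += 1                      # nested block, e.g. `config ipv6`
            elif line == "config system interface":
                in_section, depth = True, 0
        elif line == "end" and in_section:
            if depth == 0:
                in_section, current = False, None
            else:
                depth -= 1
        elif in_section and depth == 0:         # ignore lines inside nested blocks
            m = re.match(r'edit\s+"?([^"]+)"?$', line)
            if m:
                current = m.group(1)
            elif line == "next":
                current = None
            elif current and re.fullmatch(r"set\s+mode\s+dhcp", line):
                found.append(current)
    return found

if __name__ == "__main__":
    print("Interfaces in DHCP mode:", dhcp_interfaces(SAMPLE_CONFIG))
```

Running it against a backup taken right after a factory reset or after adding interfaces shows which ports still need to be switched to static before further changes are made.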