This recipe is part of the process of deploying FortiGate HA Active Active for Microsoft Azure using Azure load balancer. See below for the rest of the recipes in this process:
- Basic concepts
- Traffic flow
- Azure load balancer
- Inbound NAT rules
- Load balancing rules
- Locate FortiGate HA for Azure in the Azure portal or Azure marketplace
- Determine your licensing model
- Configure FortiGate initial parameters
- Create VNet and subnets in network settings
- Select Azure instance type
- Assign Azure IP address
- Validate deployment resources
- Create FortiGate instances
- Connect to the FortiGate
- [Use case] Set up a Windows Server in the protected network
- Configure FortiGate firewall policies and virtual IPs
- [Failover test] Create load balancing rules and access the Windows Server via remote desktop

- First, configure FortiGate A. In the FortiGate-VM console, select Policy & Objects > IPv4 Policy and create two new policies, as shown in this example. Create one policy for outgoing traffic from the private subnet, through the public subnet, to the Internet. Create another policy for incoming traffic from the Internet, through the public subnet, to the private subnet.
- Select Virtual IPs and create a new virtual IP, as shown in the example. This is a static NAT configuration.
- Edit the second policy. In the Destination field, enter the Windows Server’s IP address. In this example, it is 10.0.1.6.
- Repeat the same configuration on FortiGate B so that it also has a virtual IP address for RDP and IPv4 firewall policies for incoming and outgoing traffic.
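
The steps above expressed as FortiOS CLI, as an added example that is not taken from the original recipe. It shows the static NAT virtual IP and the two policies, with the incoming policy limited to RDP and traffic logging enabled on both. Assumptions: port1 is the public-subnet interface and port2 the private-subnet interface, the object and policy names are hypothetical, the external IP is a placeholder to fill in, source NAT is enabled on the outgoing policy, and the incoming policy reaches 10.0.1.6 by referencing the virtual IP object as its destination.

```fortios
config firewall vip
    edit "vip-rdp-winserver"
        set comment "Added example. Static NAT to the Windows Server. Name, interface and extip are assumptions."
        set extintf "port1"
        set extip <FortiGate-A-public-subnet-IP>
        set mappedip "10.0.1.6"
    next
end
config firewall policy
    edit 0
        set name "private-to-internet"
        set comments "Added example. Outgoing: private subnet to Internet. Interfaces and NAT are assumptions."
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
    edit 0
        set name "internet-to-winserver-rdp"
        set comments "Added example. Incoming: Internet to Windows Server through the VIP, RDP only."
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "vip-rdp-winserver"
        set action accept
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end
```

On FortiGate B, the same block applies with that unit's own external address. Limiting the incoming policy to the RDP service keeps the static NAT mapping from exposing the server's other ports.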