FortiGate VMs for Azure Autoscale

Questions and Answers

Which option is recommended for ensuring the best protection and avoiding the administrative burden of managing multiple VPN platforms?

• Using FortiGate on the Azure side only
• Using FortiGate on the local network only
• Using a different VPN platform on both ends
• Using FortiGate on both ends (correct)

What can be deployed on either end of the connection for scenarios that require high availability?

• FortiGate VM
• FortiGate H-A clusters (correct)
• Static routes
• Azure VPN gateway

What must be created on the Azure side for connecting a Local FortiGate to Azure VPN Gateway?

• VPN gateway connection
• At least one subnet
• Gateway subnet (correct)
• Local network gateway

What type of virtual network gateway is used in this course?

VPN gateway (B)

What should be done to ensure connectivity between both sides?

Configure routing correctly on the local FortiGate (A)

What is one of the components that must be created on the Azure side?

Local network (B)

What type of configuration steps are required on each side of the connection?

Different set of configuration steps (A)

What can be used for more complex scenarios instead of static routes?

BGP (C)

What is the purpose of the image shown on the slide?

To illustrate the Azure components that must be created (A)

What type of VPN gateway is used in the topology shown in the image?

Azure VPN gateway (D)

Which component is responsible for handling all the autoscaling features, including role assignment, license distribution, and failover management?

Azure Function App (D)

What is used to keep the initial configuration for new FortiGate VM instances, as well as the BYOL licenses?

Blob Storage (B)

Which option allows you to create a site-to-site IPsec VPN connection with Azure using FortiGate?

FortiGate in your local network and Azure VPN Gateway on the Azure side (C)

What is required to deploy FortiGate VMs to support Azure Autoscale?

Virtual machine scale sets (VMSSs) (A)

Which Fortinet package is provided to facilitate the deployment of FortiGate Autoscale for Azure?

FortiGate Autoscale for Azure deployment package (D)

What does FortiGate-native H-A features, such as config-sync, achieve in the autoscaling process?

Synchronizes OS configurations across multiple FortiGate-VM instances (C)

What information is stored in the Cosmos DB tables in relation to the FortiGate Autoscale deployment?

Health check monitoring information (C)

What is the purpose of the FortiGate VM instances forming a VMSS?

To provide efficient clustering at times of high workloads (B)

What combination of licensing can be used for the FortiGate Autoscale deployment in Azure?

Bring Your Own License (BYOL) and Pay-As-You-Go (PAYG) (D)

Which component is responsible for establishing a site-to-site IPsec VPN connection with Azure using FortiGate?

FortiGate VM (B)

Study Notes

VPN Protection and Management

• Recommended option for optimal protection is to utilize a unified VPN solution to minimize administrative overhead associated with multiple platforms.
• High availability scenarios require deployment of FortiGate appliances at both ends of the VPN connection.

Azure and FortiGate Connectivity

• An Azure Virtual Network Gateway must be created for establishing a connection with a Local FortiGate device.
• A VPN Gateway is typically used in these configurations to facilitate secure communications.

Ensuring Connectivity

• Proper configurations on both sides of the connection are essential to ensure seamless connectivity.
• Key components that need establishment on the Azure side include Network Security Groups and Virtual Network Gateways.

Configuration and Routing

• On both sides of the VPN connection, setup steps involve configuring firewalls, IP addresses, and routing methods.
• For complex routing scenarios, dynamic routing protocols can be utilized instead of relying solely on static routes.

Autoscale and Management Features

• The image on the slide likely illustrates the architectural layout of FortiGate in an Azure environment.
• The VPN gateway shown in the topology manages secure communications between different network segments.

Autoscaling and Licensing Management

• FortiGate VM instances within a Virtual Machine Scale Set (VMSS) are managed to support autoscaling capabilities, including dynamic scaling based on demand.
• The component responsible for autoscaling features includes automatic role assignment and license distribution.

Configuration Preservation

• Initial configurations and BYOL (Bring Your Own License) licenses are retained for new FortiGate VM instances to ensure consistency during deployment.
• FortiGate-native high availability features like configuration synchronization enhance the autoscaling process by maintaining consistent settings across instances.

Cosmos DB and Licensing

• Cosmos DB tables store essential information related to the FortiGate Autoscale deployment, enabling efficient resource management.
• A combination of subscription and pay-as-you-go licensing can be applied to FortiGate Autoscale deployments in Azure.

Site-to-Site VPN Establishment

• A dedicated component is in place to facilitate the creation of a site-to-site IPsec VPN connection with Azure utilizing FortiGate, ensuring secure communication pathways.

Description

Test your knowledge on deploying FortiGate VMs for Azure Autoscale. Learn about virtual machine scale sets, network-related components, and Azure Function App scripts. Explore the FortiGate Autoscale deployment package from Fortinet.