fortinet / azure-templates

A set of Azure Templates for getting you started in Azure with Fortinet.
MIT License

Fortigate - Availability Zone Templates have previous 6.0.0 version, please upgrade to new version 7+ #39

Closed desmphil closed 2 years ago

desmphil commented 2 years ago

azure-templates/FortiGate/AvailabilityZones/Active-Passive-ELB-ILB-AZ/

desmphil commented 2 years ago

"fortiGateImageVersion": {
  "type": "string",
  "defaultValue": "latest",
  "allowedValues": [
    "6.2.0",
    "6.2.2",
    "6.2.4",
    "6.2.5",
    "6.4.0",
    "6.4.2",
    "6.4.3",
    "6.4.5",
    "latest"
  ],
  "metadata": {
    "description": "Only 6.x has the A/P HA feature currently"
  }
}

jvhoof commented 2 years ago

Hi,

We have migrated the AZ functionality into the main templates that only supported Availability Sets. The templates in the directory you mentioned will be removed shortly.

https://github.com/40net-cloud/fortinet-azure-solutions/tree/main/FortiGate/Active-Passive-ELB-ILB

Regards,

Joeri

desmphil commented 2 years ago

Hi, great.

Is there a way to deploy the solution without the requirement of having /26 and /27 subnets?

When the client has a VNET limited to a /24 where only two FortiGates will ever be installed, low V-IP using /28 would be way enough.

Especially for the MGMT interface.

Food for thought.

Philippe Desmarais, Expert Solutions Microsoft, WWW.IT5.CA


jvhoof commented 2 years ago

Hi Philippe,

The minimum requirement of the different subnets is /29 which is the minimum required subnet size for Azure.

Using the Azure Portal wizard, we use larger subnet sizes but they are selected as customers might want to expand with different services in the external subnet. But you can change the suggestions to another size with a minimum of /29.

If you select the 'Standard Custom Template Deployment' you are not restricted to the Azure Portal UI and you can type in the required size as long as it is /29 or larger.

Hope this helps in your deployment,

Joeri

desmphil commented 2 years ago

All worked,

Customized the template with Azure DevOps. Active Passive. Renamed a few objects to meet corporate governance.

The only issue so far is that both instances end up with the HA role as primary, as if they don't talk to each other on port 3 and port 4 (mgmt).

However, all other config did apply successfully as documented in this section.

https://github.com/fortinet/azure-templates/tree/main/FortiGate/Active-Passive-ELB-ILB/doc

I'm investigating why after deployment both FGA and FGB are HA as primary.


jvhoof commented 2 years ago

Hi,

Seems the deployment succeeded. Did you find a reason for the HA primary vs secondary issue?

Regards,

Joeri

desmphil commented 1 year ago

All right, this is fixed.

Can you add to the troubleshooting note that the HA (config) will not work if both FortiGates end up with the same licences? My deployment ended up with the same lic file.

Thank you.

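The two checks this thread arrives at, written as an added pre-deployment script (not code from the fortinet/azure-templates repository): every subnet is /29 or larger, inside the VNET and non-overlapping, and the two license files differ. Subnet names, address ranges and license bytes are constructed sample values; the five addresses reserved per subnet is Azure's documented behaviour.

```python
import hashlib
import ipaddress

AZURE_RESERVED = 5   # addresses Azure reserves in every subnet
MAX_PREFIX = 29      # smallest subnet size accepted, per the thread (/29)

# Constructed sample plans for a /24 VNET (names and ranges are hypothetical).
VNET = "10.0.0.0/24"
GOOD_PLAN = {"external": "10.0.0.0/28", "internal": "10.0.0.16/28",
             "hasync": "10.0.0.32/29", "mgmt": "10.0.0.40/29"}
BAD_PLAN = {"external": "10.0.0.0/28", "internal": "10.0.0.8/29",
            "mgmt": "10.0.1.0/30"}


def check_subnets(vnet_cidr, subnets):
    """Return findings for a {name: cidr} plan: too small, outside VNET, overlapping."""
    vnet = ipaddress.ip_network(vnet_cidr)
    findings, seen = [], []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen > MAX_PREFIX:
            findings.append(f"{name}: {cidr} is smaller than /{MAX_PREFIX}")
        if not net.subnet_of(vnet):
            findings.append(f"{name}: {cidr} is outside VNET {vnet_cidr}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name}: {cidr} overlaps {other_name}")
        seen.append((name, net))
    return findings


def usable_addresses(cidr):
    """Addresses left for NICs and load balancer frontends after Azure's reservation."""
    return max(ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED, 0)


def check_licenses(license_a, license_b):
    """Flag the cause reported in the thread: both units deployed with the same license."""
    same = (hashlib.sha256(license_a.strip()).digest()
            == hashlib.sha256(license_b.strip()).digest())
    return ["FGA and FGB license files are identical"] if same else []


if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(check_subnets(VNET, plan) or "subnet plan OK")
    print({name: usable_addresses(cidr) for name, cidr in GOOD_PLAN.items()})
    # Constructed license bytes; in a pipeline, read the two .lic files instead.
    print(check_licenses(b"CONSTRUCTED-LIC-A\n", b"CONSTRUCTED-LIC-A"))
```

A /29 leaves three assignable addresses, so the check on `usable_addresses` is worth running against any subnet that must hold both FortiGate NICs plus a load balancer frontend.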