fortinet / azure-templates

A set of Azure Templates for getting you started in Azure with Fortinet.
MIT License

Couldn’t deploy Fortigate VM from Azure marketplace using any of the instance recommended and available for 2vCPU #66

Open RohanJ123570 opened 2 months ago

RohanJ123570 commented 2 months ago
  1. A detailed problem description: The attached error screenshot is related to the Azure instance type (D2sv3) selected for FortiGate deployment, maybe because the instance is not available. This is the part number we purchased: 8 x FG-VM_S (2XCPU) UTP Screenshot_2024-08-07_124444

    What we are trying to do is to deploy the whole system (including Load Balancers) via Azure Marketplace and this specific option: Then we follow the “wizard”, completing all relevant information: At some point we are asked to select the instance type and we select what is mentioned in the Fortinet datasheet, D2sV5. The process continues and when we arrive at the final validation we get this error stating that this instance type is not in the allowed list. The problem here is that there is no other instance with 2 vCPUs and similar parameters and the smallest one has 4 vCPUs, which basically doubles the compute cost for us, having a license for 2 vCPUs.

(REFER attached WORD FILE for Screenshot explanation) 9783412(1).docx

jvhoof commented 2 months ago

Hi @RohanJ123570,

Thank you for opening this issue. Which template are you trying to deploy? Given you want to deploy with load balancers you would either want to deploy Active/Passive or Active/Active. The Active/Passive with load balancer deployment requires 4 nics (external, internal, ha sync, ha mgmt). 4 nics are linked to the number of physical CPUs linked to the VM. For F-series and Dv2 series there is no hyperthreading so a 4 CPU VM supports 4 nics. For all newer instance types like Fv2, Dv3 and above, hyperthreading is enabled and 8 vCPUs are required to receive 4 nics. You can find the number of nics per system.

https://learn.microsoft.com/en-us/azure/virtual-machines/dv5-dsv5-series

You can deploy an instance in Azure with more vCPUs (e.g. 4 or 8) but run a smaller license (2 vCPU). FortiGate will only use the 2 vCPU allowed according to the license.

An alternative is to combine the HA sync and HA mgmt nics which is supported in the latest versions of FortiGate as well as combine external and internal interfaces. This is however not a deployment possible via the Azure Marketplace.

Hopefully this gives you some insight into the reason the validation and deployment failed.

It would be good to connect with your local SE or connect via azure@fortinet.com if you require further clarification.

Regards,

Joeri
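
A pre-deployment check for the NIC limit described in the reply above, as an added example that is not part of the original thread or the fortinet/azure-templates repository. It assumes SKU data shaped like the JSON printed by `az vm list-skus --resource-type virtualMachines -o json`; the embedded sample records and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az vm list-skus` output. The capability
# values and the restriction are illustrative; check real output for your
# own subscription and region before relying on them.
SAMPLE = json.loads("""
[
 {"name": "Standard_D2s_v5", "resourceType": "virtualMachines", "restrictions": [],
  "capabilities": [{"name": "vCPUs", "value": "2"},
                   {"name": "MaxNetworkInterfaces", "value": "2"}]},
 {"name": "Standard_D4s_v5", "resourceType": "virtualMachines", "restrictions": [],
  "capabilities": [{"name": "vCPUs", "value": "4"},
                   {"name": "MaxNetworkInterfaces", "value": "2"}]},
 {"name": "Standard_D8s_v5", "resourceType": "virtualMachines", "restrictions": [],
  "capabilities": [{"name": "vCPUs", "value": "8"},
                   {"name": "MaxNetworkInterfaces", "value": "4"}]},
 {"name": "Standard_D3_v2", "resourceType": "virtualMachines",
  "restrictions": [{"type": "Location", "reasonCode": "NotAvailableForSubscription"}],
  "capabilities": [{"name": "vCPUs", "value": "4"},
                   {"name": "MaxNetworkInterfaces", "value": "4"}]}
]
""")

def capabilities(sku):
    """Flatten the capabilities list into a name -> value dict."""
    return {c["name"]: c["value"] for c in sku.get("capabilities", [])}

def candidates(skus, min_nics):
    """Return (vCPUs, name, NICs) for usable VM sizes with enough NICs, smallest first."""
    found = []
    for sku in skus:
        if sku.get("resourceType") != "virtualMachines":
            continue
        # Simplification: any restriction (location or zone) excludes the size.
        if sku.get("restrictions"):
            continue
        caps = capabilities(sku)
        try:
            vcpus, nics = int(caps["vCPUs"]), int(caps["MaxNetworkInterfaces"])
        except (KeyError, ValueError):
            continue  # skip records without usable capability data
        if nics >= min_nics:
            found.append((vcpus, sku["name"], nics))
    return sorted(found)

def smallest_size(skus, min_nics):
    """Name of the smallest usable size offering min_nics NICs, or None."""
    found = candidates(skus, min_nics)
    return found[0][1] if found else None

if __name__ == "__main__":
    # Active/Passive with load balancer: external, internal, HA sync, HA mgmt.
    print(smallest_size(SAMPLE, 4))
```

To run it against live data, replace `SAMPLE` with the parsed JSON from `az vm list-skus` for the target region.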