Bootstrap Configuration Example for FortiGate Firewall in Azure

Using the bootstrap option significantly simplifies Fortinet FortiGate initial configuration setup.

In this document, we provide a bootstrap example that sets up an "Allow All" firewall policy, a firewall health check policy, and static routes on the FortiGate, so that you can validate that traffic is indeed sent to the FortiGate for VNet-to-VNet traffic inspection.

For a manual setup, follow the manual setup example.

There are two ways to configure Fortinet FortiGate via bootstrap configuration.

After you enable bootstrap configuration for your Azure-based FortiGate firewall, you can select either Azure Storage or User Data. If you select Azure Storage, you must first:

If you select User Data, click here to complete the bootstrap configuration.

Completing the Firewall Launch

If you selected Azure Storage, fill in the required fields.

Advanced Field     Example Value
Storage            Azure Storage Name (e.g. transitbootstrapstorage)
Container          Private Container Name (e.g. fortigatebootstrap)
SAS URL Config     SAS Config URL (as per the steps provided here)
SAS URL License    SAS License URL (as per the steps provided here)
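
The two SAS URLs give read access to the firewall's bootstrap configuration and license, so it is worth checking how each token is scoped before entering it. The following check is an added example, not part of the original document. The blob name init.conf, the 7-day lifetime limit and the policy itself (read-only, single blob, HTTPS only) are assumptions, and the URLs are constructed samples.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)  # assumed policy limit, not from the page

def audit_sas_url(url, container, now=None):
    """Return a list of findings for a blob SAS URL; an empty list means it passed."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL is not https")
    # When spr is omitted, the token is valid over both https and http.
    if q.get("spr", "https,http") != "https":
        findings.append("spr does not restrict the token to https")
    # Path is /<container>/<blob>; the blob must sit in the expected container.
    segs = parts.path.lstrip("/").split("/", 1)
    if len(segs) != 2 or segs[0] != container or not segs[1]:
        findings.append("path is not a blob inside container %r" % container)
    if q.get("sr") != "b":
        findings.append("sr is not 'b' (token is not scoped to a single blob)")
    if q.get("sp") != "r":
        findings.append("sp grants more than read: %r" % q.get("sp"))
    if "sig" not in q:
        findings.append("no sig parameter; not a SAS URL")
    try:
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        findings.append("se (expiry) missing or not in YYYY-MM-DDTHH:MM:SSZ form")
    else:
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("token lives longer than %s" % MAX_LIFETIME)
    return findings

# Constructed sample inputs (placeholder signature, hypothetical blob name).
BASE = "https://transitbootstrapstorage.blob.core.windows.net/fortigatebootstrap/init.conf"
GOOD = BASE + "?sv=2022-11-02&sr=b&sp=r&spr=https&se=2024-01-02T00%3A00%3A00Z&sig=CONSTRUCTED"
BAD = BASE + "?sv=2022-11-02&sr=c&sp=rwdl&se=2030-01-01T00%3A00%3A00Z&sig=CONSTRUCTED"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_sas_url(url, "fortigatebootstrap", NOW) or "ok")
```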

Ready to Go

Now your firewall instance is ready to receive packets.

The next step is to validate your configurations and policies using FlightPath and Diagnostic Tools (ping, traceroute, etc.).

Launch one instance in the PROD Spoke VNet and one in the DEV Spoke VNet. Start pinging from the instance in the DEV Spoke VNet to the private IP of the instance in the PROD Spoke VNet. The ICMP traffic should go through the firewall and be inspected there.