I am new to Azure. I am using Terraform to deploy Azure virtual machines from marketplace images. The Azure Virtual Machine I’m deploying is a FortiGate firewall.
I want it to connect to FortiManager later on. How do I define this in Terraform? I want to be able to use the FortiManager IP address and serial number.
Manually creating the firewall from Azure Marketplace looks like this:
Code:
resource "azurerm_linux_virtual_machine" "fgtvm" {
  name                = var.fgt.name
  resource_group_name = var.rg_name
  location            = var.location
  size                = var.fgt.size      # the argument is "size", not "vm_size"
  zone                = var.fgt.zones     # "zone" takes a single zone string
  admin_username      = "adminuser"
  admin_password      = var.admin_password # supply via a sensitive variable, never a literal
  # required when the VM is to be logged into with a password rather than an SSH key
  disable_password_authentication = false
  # this resource takes a list of NIC ids
  network_interface_ids = [azurerm_network_interface.fgt_nic.id]

  # Marketplace image; on this resource the block is "source_image_reference"
  source_image_reference {
    publisher = var.fgt.image.publisher
    offer     = var.fgt.image.offer
    sku       = var.fgt.image.sku
    version   = var.fgt.image.version
  }

  # Marketplace images also need their purchase plan referenced
  plan {
    name      = var.fgt.image.sku
    publisher = var.fgt.image.publisher
    product   = var.fgt.image.offer
  }

  os_disk {
    caching              = var.fgt.os_disk.caching
    storage_account_type = var.fgt.os_disk.storage_account_type
  }
}
2 Answers
You can make use of the sample cmdlet below for the IP address.
Reference: Docs overview | fortinetdev/fortios | Terraform Registry
While creating it manually in the Fortinet FortiGate next-generation firewall, you need to set Connect FortiManager to NO. Once you have deployed Fortinet FortiGate, use your Fortinet virtual machine's public IP address to log in to the firewall, like below.
Use this IP address and open it in a new tab: URL -> click Advanced -> Proceed -> log in with username and password. If you want to use FortiManager to manage this FortiGate, and you need to use the FortiManager IP address and serial number: once the FortiGate portal has opened, you can see the serial number under Status in the main option.
If you do not see the serial in the console, you need to reboot the FortiGate VM from the cloud control panel. After the reboot, you should see the serial number displayed in the console.
To see the FortiGate IP address, click Interfaces under Network.
Reference: FortiGate deployment guide – Microsoft Entra | Microsoft Docs
Alternatively, you can make use of the Azure CLI command below.
The form you see when deploying from the Marketplace is turned into a bootstrap configuration passed to the newly created FGT via instance metadata (user-data). Unfortunately, the source code is a bit hard to read due to ARM template formatting, so often the easiest way to read the compiled bootstrap configuration is to actually deploy and check the metadata.
In this case, you need a configuration block like this:
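As an added example, not taken from either answer or from Fortinet's own templates, here is the user-data approach expressed in Terraform: the FortiOS CLI that the Marketplace form would have generated is rendered into the VM's custom_data, which the FortiGate reads as bootstrap configuration on first boot. The variable names fmg_ip, fmg_serial and admin_password, and the assumption that the FortiGate-VM Azure image accepts a plain FortiOS CLI script as custom data, are mine; the resource arguments are the azurerm provider's.

```hcl
variable "fmg_ip" {
  type = string # FortiManager IP address reachable from the FortiGate (assumed variable)
}

variable "fmg_serial" {
  type = string # FortiManager serial, e.g. "FMG-VM-PLACEHOLDER" (assumed variable)
}

variable "admin_password" {
  type      = string
  sensitive = true # keep the FortiGate admin password out of state output and code
}

locals {
  # FortiOS CLI applied on first boot; "config system central-management"
  # is what points a FortiGate at its FortiManager by IP and serial number.
  fgt_bootstrap = <<-EOT
    config system central-management
      set type fortimanager
      set fmg "${var.fmg_ip}"
      set serial-number "${var.fmg_serial}"
    end
  EOT
}

resource "azurerm_linux_virtual_machine" "fgtvm" {
  name                            = var.fgt.name
  resource_group_name             = var.rg_name
  location                        = var.location
  size                            = var.fgt.size
  admin_username                  = "adminuser"
  admin_password                  = var.admin_password
  disable_password_authentication = false
  network_interface_ids           = [azurerm_network_interface.fgt_nic.id]

  # custom_data must be base64; Azure hands it to the VM as user-data and
  # changing it forces the VM to be recreated, so treat it as immutable bootstrap.
  custom_data = base64encode(local.fgt_bootstrap)

  source_image_reference {
    publisher = var.fgt.image.publisher
    offer     = var.fgt.image.offer
    sku       = var.fgt.image.sku
    version   = var.fgt.image.version
  }

  plan {
    name      = var.fgt.image.sku
    publisher = var.fgt.image.publisher
    product   = var.fgt.image.offer
  }

  os_disk {
    caching              = var.fgt.os_disk.caching
    storage_account_type = var.fgt.os_disk.storage_account_type
  }
}
```

The serial number only tells the FortiGate which FortiManager to trust; the device still has to be authorized on the FortiManager side before it is managed. Before relying on this, deploy once and compare the VM's custom data with the bootstrap configuration the Marketplace template generates, as the second answer suggests.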