
I am new to Azure. I am using Terraform to deploy Azure virtual machines from Marketplace images. The Azure virtual machine I’m deploying is a FortiGate firewall.

I want it to connect to FortiManager later on. How do I define this in Terraform? I want to be able to use the FortiManager IP address and serial number.

Manually creating the firewall from Azure Marketplace looks like this:

[screenshot: Azure Marketplace FortiGate deployment form]

Code:

resource "azurerm_linux_virtual_machine" "fgtvm" {
  name                = var.fgt.name
  resource_group_name = var.rg_name
  location            = var.location

  # azurerm_linux_virtual_machine takes size and zone (a single string);
  # vm_size and zones belong to the older azurerm_virtual_machine resource
  size                = var.fgt.size
  zone                = var.fgt.zone

  admin_username                  = "adminuser"
  admin_password                  = "123password" # hard-coded credential: lands in state and source control
  disable_password_authentication = false         # required when authenticating with a password

  # this resource expects a list of NIC ids
  network_interface_ids = [azurerm_network_interface.fgt_nic.id]

  # storage_image_reference is the azurerm_virtual_machine name for this block
  source_image_reference {
    publisher = var.fgt.image.publisher
    offer     = var.fgt.image.offer
    sku       = var.fgt.image.sku
    version   = var.fgt.image.version
  }

  # Marketplace images with purchase terms need the matching plan block
  plan {
    name      = var.fgt.image.sku
    publisher = var.fgt.image.publisher
    product   = var.fgt.image.offer
  }

  os_disk {
    caching              = var.fgt.os_disk.caching
    storage_account_type = var.fgt.os_disk.storage_account_type
  }
}


Answers


  1. I want to connect to FortiManager later. I want to be able to use the FortiManager IP address and serial number.

    You can make use of the sample cmdlet below for the IP address

    provider "fortimanager" {
      # FortiManager address only; a CIDR suffix such as /24 is not a valid hostname
      hostname     = "10.50.0.132"
      username     = "admin"
      password     = "SecurePassw0rd"
      insecure     = true   # disables TLS certificate verification of the FortiManager
      scopetype    = "vdomtest"
      adom         = "root"
    }

    terraform {
      required_providers {
        fortimanager = {
          source = "fortinetdev/fortimanager"
        }
      }
    }
    

    Reference: Docs overview | fortinetdev/fortios | Terraform Registry

    While creating it manually in the Fortinet FortiGate next generation firewall, you need to set connect to FortiManager as NO. Once you have deployed the Fortinet FortiGate, use your Fortinet virtual machine's public IP address to log in to the firewall as below.

    [screenshot: FortiGate login page reached over the VM's public IP address]

    Open this IP address in a new tab -> click Advanced -> Proceed -> log in with the username and password. If you want to use FortiManager to manage this FortiGate, you need the FortiManager IP address and serial number. Once the FortiGate portal has opened, you can see the serial number in the Status section of the main dashboard.

    [screenshot: FortiGate dashboard showing the serial number]

    If you do not see the serial number in the console, you need to reboot the FortiGate VM from the cloud control panel. After the reboot, you should see the serial number displayed in the console.

    To see the FortiGate IP address, click Interfaces under Network.

    [screenshot: Network > Interfaces page listing the FortiGate IP addresses]

    Reference: FortiGate deployment guide – Microsoft Entra | Microsoft Docs


    Alternatively, you can make use of the Azure CLI commands below

    config system interface   # show the interfaces and their IP addresses
    edit ?                    # ? lists the available interface names
    end
    get system status         # shows system status, including the serial number
    
  2. The form you see when deploying from the Marketplace is turned into a bootstrap configuration that is passed to the newly created FGT via instance metadata (user-data). Unfortunately, the source code is a bit hard to read because of the ARM template formatting, so often the easiest way to read the compiled bootstrap configuration is to actually deploy and check the metadata.

    In this case, you need a configuration block like this:

    config system central-management
      set type fortimanager
      set fmg ${var.fortiManagerIP}
      set serial-number ${var.fortiManagerSerial}
    end
    
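Wiring the second answer's central-management block into the question's Terraform, as an added example that is not code from the question or either answer: it renders the FortiOS bootstrap config with a heredoc and hands it to the VM through custom_data, and assumes the question's var.fgt, var.rg_name, var.location and azurerm_network_interface.fgt_nic plus the three new variables declared in the block.

```hcl
# Added example, not from the question or answers. Assumes the question's
# var.fgt, var.rg_name, var.location and fgt_nic; the variables here are new.
variable "fortimanager_ip" { type = string }
variable "fortimanager_serial" { type = string }
variable "fgt_admin_password" {
  type      = string
  sensitive = true # redacted from plan output; never hard-code it
}

# FortiOS bootstrap applied on first boot. Azure delivers custom_data to the
# guest as instance metadata (user-data), so anyone who can read the VM's
# metadata can read it: carry only non-secret settings such as these here.
locals {
  fgt_bootstrap = <<-EOT
    config system central-management
      set type fortimanager
      set fmg "${var.fortimanager_ip}"
      set serial-number "${var.fortimanager_serial}"
    end
  EOT
}

resource "azurerm_linux_virtual_machine" "fgtvm" {
  name                            = var.fgt.name
  resource_group_name             = var.rg_name
  location                        = var.location
  size                            = var.fgt.size
  admin_username                  = "adminuser"
  admin_password                  = var.fgt_admin_password
  disable_password_authentication = false
  network_interface_ids           = [azurerm_network_interface.fgt_nic.id]
  custom_data                     = base64encode(local.fgt_bootstrap)

  source_image_reference {
    publisher = var.fgt.image.publisher
    offer     = var.fgt.image.offer
    sku       = var.fgt.image.sku
    version   = var.fgt.image.version
  }
  plan {
    name      = var.fgt.image.sku
    publisher = var.fgt.image.publisher
    product   = var.fgt.image.offer
  }
  os_disk {
    caching              = var.fgt.os_disk.caching
    storage_account_type = var.fgt.os_disk.storage_account_type
  }
}
```

Changing custom_data forces Azure to recreate the VM, so the FortiManager address and serial belong in variables rather than edited into the heredoc later; after deployment, `get system central-management` on the FortiGate confirms the bootstrap was applied.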