install fortigatein azure and build a vpn tunnel to the data center over expressRoute

configure a user defined route table

enable the redirect option in expressroute to send data center traffic to user defined route table

configure the gateway subnet as the subnet in the user-defined route table

define a default route where the next hop ip is the fortigate wan interface

network ACLS are stateless and inbound and outbound rules are used for traffic filtering

network ACLS are stateful and inbound and outbound rules are used for traffic filtering

network ACLS must be manually applied to virtual network interfaces

network ACLS support allow rules and deny rules

Action

Sequence number

source and destination ip ranges

destination port ranges

source port ranges

the LUN ID is not defined

Fortigate VM does not support managed DISK from Azure

the caching parameter should be none

the create options parameter should be fromImage

configure fortios to use static ip addresses with the ip addresses reflected in the ENI primary IP address configuration (as per the exhibit)

Delete the deployment and start again you have in put the wrong parameters during the cloud formation template deployment

configure fortios to use DHCP so that it will get the correct IP adresses on the ports

nothing in AWS cloud it is normal for a fortigate ENI primary ip address to be different that the fortios IP address configuation

implement the fortigate VM network virtual appliance NVA in the hub and use user defined toutes UDRs in the spokes

use ExpressRoute to interconnect the hub VNets and spoke VNets

configure Vnet peering between the spokes only

configure Vnet peering between the hub and spokes

SSTENTAZFGT-03-FloatingPIP is assingned to the ip configuration with the same SSTENTAZFGT-0302-NIC-01 under the network interface SSTENTAZFGT-0302-NIC-01

172.29.32.71 is set as next hop IP for all routes under fortigateUDR-01

the network interface of the active unit moves to itself

SSTENTAZFGT-03-FloatingPIP public ip is a assigned to NIC SSTENTAZFGT-0302-NIC-01