Skip to content

RedeployAB/terraform-azurerm-fortigate-ha

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

.github/workflows

.github/workflows

 
 

modules/appliance

modules/appliance

 
 

tests/deployment

tests/deployment

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

bootstrap.conf

bootstrap.conf

 
 

locals.tf

locals.tf

 
 

main.tf

main.tf

 
 

outputs.tf

outputs.tf

 
 

resources.appliance.tf

resources.appliance.tf

 
 

resources.load_balancer.tf

resources.load_balancer.tf

 
 

variables.tf

variables.tf

 
 

Repository files navigation

Azure FortiGate Terraform Module

This module deploys a highly-available FortiGate appliance to a virtual network.

  • Pre-configured with the Azure SDN connector (using managed identity).
  • Supports customer-managed keys for disk encryption.
  • Can be used with both PAYG and BYOL.

Prerequisites

  • A resource group where you have Contributor access.
  • A virtual network with four subnets and pre-configured routing, which you have join access to.
  • A managed identity, which can see the network objects you want to reference in the FortiGate.

Example deployment

# Start by creating the referenced resources

module "fortigate" {
  source = "github.com/RedeployAB/terraform-azurerm-fortigate-ha?ref=v0.1.0"

  name                = "fgtvm"
  resource_group_name = azurerm_resource_group.fortigate.name
  location            = azurerm_resource_group.fortigate.location
  os_version          = "6.4.6"

  # Root credentials
  admin_username = random_string.appliance_admin.result
  admin_password = random_password.appliance_admin.result

  # Subnet references
  public_subnet_id  = azurerm_subnet.existing_network["public"].id
  private_subnet_id = azurerm_subnet.existing_network["private"].id
  hasync_subnet_id  = azurerm_subnet.existing_network["hasync"].id
  mgmt_subnet_id    = azurerm_subnet.existing_network["mgmt"].id

  # IP-address assignments
  cluster_ip_address                   = cidrhost(azurerm_subnet.existing_network["private"].address_prefixes[0], 4)
  active_public_interface_ip_address   = cidrhost(azurerm_subnet.existing_network["public"].address_prefixes[0], 4)
  active_private_interface_ip_address  = cidrhost(azurerm_subnet.existing_network["private"].address_prefixes[0], 5)
  active_hasync_interface_ip_address   = cidrhost(azurerm_subnet.existing_network["hasync"].address_prefixes[0], 4)
  active_mgmt_interface_ip_address     = cidrhost(azurerm_subnet.existing_network["mgmt"].address_prefixes[0], 4)
  passive_public_interface_ip_address  = cidrhost(azurerm_subnet.existing_network["public"].address_prefixes[0], 5)
  passive_private_interface_ip_address = cidrhost(azurerm_subnet.existing_network["private"].address_prefixes[0], 6)
  passive_hasync_interface_ip_address  = cidrhost(azurerm_subnet.existing_network["hasync"].address_prefixes[0], 5)
  passive_mgmt_interface_ip_address    = cidrhost(azurerm_subnet.existing_network["mgmt"].address_prefixes[0], 5)

  # Azure SDN managed identity
  user_assigned_identity_id = azurerm_user_assigned_identity.fortigate.id
}

See variables.tf for a complete list of the supported variables.

License

This module is licensed under the MIT License.

About

Terraform module of an active-passive FortiGate Azure NVA cluster.

Topics

azure terraform infrastructure-as-code network-security terraform-module

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Oct 10, 2021

Languages