fortinet/azure-templates

Unable to Connect To FortiGates via GUI or FortiManager

nikos1011 opened this issue · 2 comments

We're experiencing an issue when deploying the active/active with ELB and ILB configuration using Terraform as the deployment method.

We can execute the deployment fine but are unable to connect to either FortiGate via the web GUI or FortiManager afterwards. Web GUI just times out and FortiManager just responds with Probe Failure. In both scenarios, we are trying to connect to them from within the internal network (i.e. - to the FortiGate IPs on the internal subnet). I have also tried connecting to them using the public IP address with the port suffix (i.e. - using the inbound NAT rules of 40030, 40031).

I've deployed this solution (using the same code) within two separate Tenants and it works in one (a test Sub) but doesn't in the other (customer Sub). The only thing that stands out is that the FortiGates (where the issue occurs) are reporting "virtual machine agent status is not ready" but in the working Sub I don't receive this error.

So it would seem that the agent hasn't installed/enabled on one set of FortiGates but has on the others, but I cannot see any obvious reason why. The two deployments are almost identical (the only difference is the naming of the subnets).

Any guidance on what may be causing this would be fabulous! Please shout if you require any additional info.

Hi,

Thank you for opening this issue. The agent needs to report the status back to the Azure platform. If you don't have access to the units then most likely the outbound traffic is also blocked. This sounds like an issue specific to the customer's environment. Can you validate the following points in your customer's environment?

  • Connect via serial console and try an outbound connection, use diag sniffer packet to look for inbound packets and verify routing.
  • Azure Portal: Verify effective routes for all interfaces
  • Azure Portal: Verify any additional NSGs installed on the subnets you are installing into

Regards,

Joeri
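
As an added example (not part of the original thread or of the fortinet/azure-templates code): a small offline evaluator for the NSG check in the reply above, showing which rule decides a given management connection. The rule list is constructed, and its field names are assumed to follow the `effectiveSecurityRules` entries returned by `az network nic list-effective-nsg`.

```python
import ipaddress

# Constructed sample; field names assumed to match the "effectiveSecurityRules"
# entries of `az network nic list-effective-nsg`. Not data from the thread.
SAMPLE_RULES = [
    {"name": "allow-mgmt-https", "direction": "Inbound", "access": "Allow", "priority": 200,
     "protocol": "Tcp", "destinationPortRange": "443-443", "sourceAddressPrefix": "10.10.0.0/16"},
    {"name": "deny-all-inbound", "direction": "Inbound", "access": "Deny", "priority": 300,
     "protocol": "All", "destinationPortRange": "0-65535", "sourceAddressPrefix": "*"},
    {"name": "allow-vnet", "direction": "Inbound", "access": "Allow", "priority": 65000,
     "protocol": "All", "destinationPortRange": "0-65535", "sourceAddressPrefix": "VirtualNetwork"},
]

def _port_match(rng, port):
    """Match a port against '*' or a 'low-high' range string."""
    if rng == "*":
        return True
    lo, _, hi = rng.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_match(prefix, src_ip):
    """True/False for '*' and CIDR prefixes; None for service tags that cannot be resolved offline."""
    if prefix in ("*", "0.0.0.0/0"):
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None

def evaluate(rules, src_ip, port, protocol="Tcp", direction="Inbound"):
    """Return (verdict, rule_name); the matching rule with the lowest priority number wins."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != direction or r["protocol"] not in ("All", "*", protocol):
            continue
        if not _port_match(r["destinationPortRange"], port):
            continue
        hit = _source_match(r["sourceAddressPrefix"], src_ip)
        if hit is None:
            # Unresolved service tag: stop rather than guess past it.
            return "Indeterminate", r["name"]
        if hit:
            return r["access"], r["name"]
    return "Deny", None  # nothing matched; NSGs end in a default deny

if __name__ == "__main__":
    for src, port in [("10.10.5.4", 443), ("10.20.5.4", 443), ("10.10.5.4", 22)]:
        print(src, port, evaluate(SAMPLE_RULES, src, port))
```

In the constructed data, the custom deny at priority 300 shadows the VNet allow at 65000, so an internal client outside 10.10.0.0/16 is dropped even though it sits inside the virtual network.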

Closing for now due to activity. Feel free to reopen the issue or open a new one in case you continue to have these issues.

Joeri