AzureFeeds

In this guest blog post, Srija Reddy Allam, a cloud security architect at Fortinet, explores how Azure Virtual WAN simplifies networking and how integrating FortiGate Next-Generation Firewall, available in Azure Marketplace, enhances security and performance for seamless, scalable connectivity across distributed environments.

Nowadays, many rapidly growing enterprises span multiple countries. With growth comes the need to scale network infrastructure across multiple regions and adopt multi-cloud architectures. Connecting branch offices, remote users, datacenters, and cloud workloads introduces networking complexity and security challenges. These environments are usually deployed using a hub-and-spoke model to centralize connectivity and simplify management.

These traditional hub-and-spoke models often struggle to keep up with evolving networking demands. As environments become more distributed and dynamic, these architectures can introduce operational overhead, increase latency, create network bottlenecks, and complicate routing and traffic flows. In many cases, they also leave traffic between regions less secure and harder to manage.

Adopting cloud-native networking: Azure Virtual WAN

To streamline connectivity across hybrid and cloud environments, many enterprises are turning to cloud-native networking models, such as Azure Virtual WAN (VWAN). VWAN centralizes and simplifies routing across globally distributed resources through a unified transit architecture, acting as a scalable hub for connecting Azure Virtual Networks (VNets), remote users, and on-premises environments. It integrates multiple networking, security, and routing functionalities into a single, unified cloud-native architecture. 

While VWAN addresses many connectivity challenges, securing traffic across all these paths remains a top concern. Organizations require more than just basic routing and VPN. They need deep visibility, encrypted communication, threat prevention, and consistent policy enforcement across cloud and hybrid networks.

Securing both North-South (internet-bound) and East-West (inter-VNet) traffic is often critical, especially to achieve zero trust architectures. The ability to inspect traffic, enforce segmentation, and protect workloads with minimal latency is becoming a foundational requirement.

Boost security and networking capabilities with Fortinet FortiGate and Azure VWAN

As a cloud security architect at Fortinet, I’ll outline how Fortinet FortiGate integrates with Azure VWAN to enhance network security and performance. 

Fortinet FortiGate Next-Generation Firewall (NGFW) in Azure Marketplace offers a wide range of capabilities, including advanced networking, SD-WAN, IPsec, and SSL VPN functionalities, alongside robust security features such as intrusion prevention and detection, antivirus, web and video filtering, SSL inspection, and more. While FortiGate can be deployed as a virtual machine in public cloud environments, its integration with Azure VWAN  enhances both security and networking capabilities.

How Fortinet integration solves these problems

1. Enhanced security: Fortinet FortiGate adds advanced threat protection, intrusion prevention, and secure application access to Azure VWAN.


2. Secure SD-WAN: Integrates with VWAN to provide intelligent traffic routing, ensuring optimal performance and bandwidth usage.


3. Centralized policy management: Fortinet tools, such as FortiManager, a centralized platform for managing FortiGate devices and automating routine tasks, enables unified and streamlined management of security policies across the Azure VWAN. This ensures consistent policy enforcement, reduces administrative overhead, and enhances operational efficiency.


4. Seamless connectivity: Combines VWAN’s centralized networking with Fortinet’s security to ensure secure, high-performance connections across all environments.


5. Compliance support: Fortinet’s security features help organizations meet regulatory and compliance requirements.

FortiGate seamlessly integrates with Azure VWAN

 FortiGate in Azure VWAN can be deployed as a managed application directly through the Azure portal. Once deployed, the FortiGate user interface is accessible via the public IP address assigned to the virtual machines, allowing seamless management and configuration. However, it is recommended to have FortiGates onboarded to FortiManager, enabling centralized management for streamlined operations across multiple deployments.

The FortiGate can be integrated into VWAN in two ways:

1. Next Generation Firewall (NGFW) offering


2. SDWAN and NGFW offering

NGFW offering provides efficiency, security

The FortiGate NGFW offering is ideal for customers with workloads distributed across Azure VNets in multiple regions that are peered with Azure VWAN. In this architecture, FortiGate serves as the ingress and egress point, inspecting all traffic entering and leaving the Azure environment. By dynamically learning about Azure VNets connected to the VWAN hub through BGP peering with the VWAN hub router, FortiGate ensures efficient and secure traffic management across regions.

For North-South traffic inspection, FortiGate NGFW secures workloads that need to be exposed to the internet, effectively handling Destination Network Address Translation (DNAT) scenarios. In the DNAT scenarios traffic can be load balanced through the Azure Server/External Load balancer (SLB/ELB) to FortiGates that are in Active-Active setup. The load balancing rules on the SLB are created on the FortiManager. Once the policy installation is completed from FortiManager to FortiGate, the rules will be created on the Azure portal orchestrated through the API call from the FortiGate. This functionality ensures secure and efficient management of inbound and outbound traffic for publicly accessible services, protecting against potential threats.

Additionally, FortiGate supports East-West traffic inspection by enabling micro-segmentation within Azure. This provides granular control over communication between VNets, ensuring secure and efficient traffic flows across the Azure environment.

Figure 1: NGFW offering

 SD-WAN + NGFW: A powerful combination

The SD-WAN and NGFW offering is an ideal solution for customers with workloads distributed across Azure VNets in multiple regions that are peered with Azure VWAN and require secure remote connectivity for branch offices, datacenters, or other remote locations.

In this offering, FortiGate delivers a powerful combination of SD-WAN capabilities and NGFW functionality to address diverse networking and security needs. FortiGate can inspect traffic going to remote locations through encrypted tunnels, ensuring secure communication across distributed environments. Additionally, it leverages SD-WAN intelligent traffic steering to optimize application performance by dynamically selecting the best available path for traffic, improving reliability and reducing latency.

Figure 2: NGFW and SDWAN offering

The integration of Azure Virtual WAN and Fortinet FortiGate provides organizations with a powerful solution to address the complexities of modern networking and security. By combining Azure VWAN’s centralized, scalable networking capabilities with FortiGate’s advanced security features and SD-WAN functionality, businesses can achieve seamless connectivity, robust protection, and optimized performance across distributed environments. This partnership empowers organizations to confidently expand their digital footprint while ensuring their networks remain secure, resilient, and future-ready.

Learn how you can purchase Fortinet’s FortiGate Next Generation Firewall (NGFW) solution directly from the Microsoft Azure Marketplace or visit the FortiGate-VM on Azure Community Resource Hub to find onboarding, deployment, and technical information.