{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "location": { "type": "string", "metadata": { "description": "location" } }, "adminUsername": { "type": "string", "metadata": { "description": "Username for the Virtual Machine." } }, "adminPassword": { "type": "securestring", "metadata": { "description": "Password for the Virtual Machine." } }, "FortiGateNamePrefix": { "type": "string", "metadata": { "description": "Name for FortiGate virtual appliances (A & B will be appended to the end of each respectively)." } }, "FortiGateImageSKU": { "type": "string", "defaultValue": "fortinet_fg-vm", "allowedValues": [ "fortinet_fg-vm", "fortinet_fg-vm_payg_20190624" ], "metadata": { "description": "Identifies whether to to use PAYG (on demand licensing) or BYOL license model (where license is purchased separately)" } }, "FortiGateVersion": { "type": "string", "defaultValue": "latest", "allowedValues": [ "6.2.2", "6.2.3", "latest" ], "metadata": { "description": "Only 6.0.0 has the A/P HA feature currently" } }, "instanceType": { "type": "string", "defaultValue": "Standard_F4", "metadata": { "description": "Virtual Machine size selection - must be F4 or other instance that supports 4 NICs" } }, "publicIPNewOrExisting": { "type": "string", "defaultValue": "new", "allowedValues": [ "new", "existing" ], "metadata": { "description": "Identify if to use a public IP, and if so whether it's new" } }, "publicIP2NewOrExisting": { "type": "string", "defaultValue": "new", "allowedValues": [ "new", "existing" ], "metadata": { "description": "Whether to use a public IP and if so whether it is new" } }, "publicIP3NewOrExisting": { "type": "string", "defaultValue": "new", "allowedValues": [ "new", "existing" ], "metadata": { "description": "Whether to use a public IP and if so whether it is new" } }, "publicIPAddressName": { "type": "string", "defaultValue": "FGTAPClusterPublicIP", "metadata": { "description": "Name of Public IP address element." } }, "publicIPAddressResourceGroup": { "type": "string", "defaultValue": "", "metadata": { "description": "Resource group to which the Public IP belongs." } }, "publicIPAddress2Name": { "type": "string", "defaultValue": "FGTAMgmtPublicIP", "metadata": { "description": "Name of Public IP address element." } }, "publicIPAddress2ResourceGroup": { "type": "string", "defaultValue": "", "metadata": { "description": "Resource group to which the Public IP belongs." } }, "publicIPAddress3Name": { "type": "string", "defaultValue": "FGTBMgmtPublicIP", "metadata": { "description": "Name of Public IP address element." } }, "publicIPAddress3ResourceGroup": { "type": "string", "defaultValue": "", "metadata": { "description": "Resource group to which the Public IP belongs." } }, "publicIPAddressType": { "type": "string", "defaultValue": "Static", "allowedValues": [ "Dynamic", "Static" ], "metadata": { "description": "Type of public IP address" } }, "vnetNewOrExisting": { "type": "string", "defaultValue": "new", "allowedValues": [ "new", "existing" ], "metadata": { "description": "Identify whether to use a new or existing vnet" } }, "vnetName": { "type": "string", "metadata": { "description": "Name of the Azure virtual network." } }, "vnetResourceGroup": { "type": "string", "defaultValue": "", "metadata": { "description": "Resource Group containing the virtual network - or new resource group from above (if new vnet)" } }, "vnetAddressPrefix": { "type": "string", "defaultValue": "10.0.0.0/16", "metadata": { "description": "Virtual Network Address prefix" } }, "Subnet1Name": { "type": "string", "defaultValue": "EntrySubnet", "metadata": { "description": "Subnet 1 Name" } }, "Subnet1Prefix": { "type": "string", "defaultValue": "10.0.1.0/24", "metadata": { "description": "Subnet 1 Prefix" } }, "Subnet2Name": { "type": "string", "defaultValue": "TransitSubnet", "metadata": { "description": "Subnet 2 Name" } }, "Subnet2Prefix": { "type": "string", "defaultValue": "10.0.2.0/24", "metadata": { "description": "Subnet 2 Prefix" } }, "FGT-A-IP-Subnet2": { "type": "string", "defaultValue": "10.0.2.4", "metadata": { "description": "FortiGate A IP for Subnet 2" } }, "Subnet3Name": { "type": "string", "defaultValue": "HASyncSubnet", "metadata": { "description": "Subnet 3 Name" } }, "Subnet3Prefix": { "type": "string", "defaultValue": "10.0.3.0/28", "metadata": { "description": "Subnet 3 Prefix" } }, "Subnet4Name": { "type": "string", "defaultValue": "ManagementSubnet", "metadata": { "description": "Subnet 4 Name" } }, "Subnet4Prefix": { "type": "string", "defaultValue": "10.0.4.0/28", "metadata": { "description": "Subnet 4 Prefix" } }, "Subnet5Name": { "type": "string", "defaultValue": "ProtectedSubnet", "metadata": { "description": "Subnet 5 Name" } }, "Subnet5Prefix": { "type": "string", "defaultValue": "10.0.5.0/24", "metadata": { "description": "Subnet 5 Prefix" } }, "FortinetTags": { "type": "object", "defaultValue": { "provider": "6EB3B02F-50E5-4A3E-8CB8-2E129258317D" } }, "artifactsBaseUrl": { "type": "string", "defaultValue": "https://raw.githubusercontent.com/fortinetsolutions/Azure-Templates/master/FortiGate/Active-Passive HA", "metadata": { "description": "Base URL of the solution template gallery package", "artifactsBaseUrl": "" } } }, "variables": { "compute_AvailabilitySet_FG_Name": "[concat(parameters('FortiGateNamePrefix'),'-AvailabilitySet')]", "compute_AvailabilitySet_FG_Id": "[resourceId('Microsoft.Compute/availabilitySets', variables('compute_AvailabilitySet_FG_Name'))]", "vnetID": "[resourceId(parameters('vnetResourceGroup'),'Microsoft.Network/virtualNetworks', parameters('vnetName'))]", "subnet1Ref": "[concat(variables('vnetID'),'/subnets/', parameters('Subnet1Name'))]", "subnet2Ref": "[concat(variables('vnetID'),'/subnets/', parameters('Subnet2Name'))]", "subnet3Ref": "[concat(variables('vnetID'),'/subnets/', parameters('Subnet3Name'))]", "subnet4Ref": "[concat(variables('vnetID'),'/subnets/', parameters('Subnet4Name'))]", "vmName": "[concat(parameters('FortiGateNamePrefix'),'-A')]", "vm2Name": "[concat(parameters('FortiGateNamePrefix'),'-B')]", "routeTableName": "FGTDefaultAPRouteTable", "subnet2KnownIP": "[parameters('FGT-A-IP-Subnet2')]", "routeTableId": "[resourceId('Microsoft.Network/routeTables',variables('routeTableName'))]", "compute_VM_fg1_Name": "[variables('vmName')]", "compute_VM_fg2_Name": "[variables('vm2Name')]", "network_NIC_fg11_Name": "[concat(variables('vmName'),'-Nic1')]", "network_NIC_fg11_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg11_Name'))]", "network_NIC_fg12_Name": "[concat(variables('vmName'),'-Nic2')]", "network_NIC_fg12_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg12_Name'))]", "network_NIC_fg21_Name": "[concat(variables('vm2Name'),'-Nic1')]", "network_NIC_fg21_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg21_Name'))]", "network_NIC_fg22_Name": "[concat(variables('vm2Name'),'-Nic2')]", "network_NIC_fg22_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg22_Name'))]", "network_NIC_fg13_Name": "[concat(variables('vmName'),'-Nic3')]", "network_NIC_fg13_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg13_Name'))]", "network_NIC_fg23_Name": "[concat(variables('vm2Name'),'-Nic3')]", "network_NIC_fg23_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg23_Name'))]", "network_NIC_fg14_Name": "[concat(variables('vmName'),'-Nic4')]", "network_NIC_fg14_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg14_Name'))]", "network_NIC_fg24_Name": "[concat(variables('vm2Name'),'-Nic4')]", "network_NIC_fg24_Id": "[resourceId('Microsoft.Network/networkInterfaces',variables('network_NIC_fg24_Name'))]", "publicIPID": "[resourceID(parameters('publicIPAddressResourceGroup'),'Microsoft.Network/publicIPAddresses',parameters('publicIPAddressName'))]", "publicIP2ID": "[resourceID(parameters('publicIPAddress2ResourceGroup'),'Microsoft.Network/publicIPAddresses',parameters('publicIPAddress2Name'))]", "publicIP3ID": "[resourceID(parameters('publicIPAddress3ResourceGroup'),'Microsoft.Network/publicIPAddresses',parameters('publicIPAddress3Name'))]", "NSGName": "[concat(parameters('FortiGateNamePrefix'),'-',uniqueString(resourceGroup().id),'-NSG')]", "sn1IPArray": "[split(parameters('Subnet1Prefix'),'.')]", "sn1IPArray2ndString": "[string(variables('sn1IPArray')[3])]", "sn1IPArray2nd": "[split(variables('sn1IPArray2ndString'),'/')]", "sn1CIDRmask": "[string(int(variables('sn1IPArray2nd')[1]))]", "sn1IPArray3": "[string(add(int(variables('sn1IPArray2nd')[0]),1))]", "sn1IPArray2": "[string(int(variables('sn1IPArray')[2]))]", "sn1IPArray1": "[string(int(variables('sn1IPArray')[1]))]", "sn1IPArray0": "[string(int(variables('sn1IPArray')[0]))]", "sn1GatewayIP": "[concat(variables('sn1IPArray0'),'.',variables('sn1IPArray1'),'.',variables('sn1IPArray2'),'.',variables('sn1IPArray3'))]", "sn2IPArray": "[split(parameters('Subnet2Prefix'),'.')]", "sn2IPArray2ndString": "[string(variables('sn2IPArray')[3])]", "sn2IPArray2nd": "[split(variables('sn2IPArray2ndString'),'/')]", "sn2CIDRmask": "[string(int(variables('sn2IPArray2nd')[1]))]", "sn2IPArray3": "[string(add(int(variables('sn2IPArray2nd')[0]),1))]", "sn2IPArray2": "[string(int(variables('sn2IPArray')[2]))]", "sn2IPArray1": "[string(int(variables('sn2IPArray')[1]))]", "sn2IPArray0": "[string(int(variables('sn2IPArray')[0]))]", "sn2GatewayIP": "[concat(variables('sn2IPArray0'),'.',variables('sn2IPArray1'),'.',variables('sn2IPArray2'),'.',variables('sn2IPArray3'))]", "sn3IPArray": "[split(parameters('Subnet3Prefix'),'.')]", "sn3IPArray2ndString": "[string(variables('sn3IPArray')[3])]", "sn3IPArray2nd": "[split(variables('sn3IPArray2ndString'),'/')]", "sn3CIDRmask": "[string(int(variables('sn3IPArray2nd')[1]))]", "sn4IPArray": "[split(parameters('Subnet4Prefix'),'.')]", "sn4IPArray2ndString": "[string(variables('sn4IPArray')[3])]", "sn4IPArray2nd": "[split(variables('sn4IPArray2ndString'),'/')]", "sn4CIDRmask": "[string(int(variables('sn4IPArray2nd')[1]))]", "sn4IPArray3": "[string(add(int(variables('sn4IPArray2nd')[0]),1))]", "sn4IPArray2": "[string(int(variables('sn4IPArray')[2]))]", "sn4IPArray1": "[string(int(variables('sn4IPArray')[1]))]", "sn4IPArray0": "[string(int(variables('sn4IPArray')[0]))]", "sn4GatewayIP": "[concat(variables('sn4IPArray0'),'.',variables('sn4IPArray1'),'.',variables('sn4IPArray2'),'.',variables('sn4IPArray3'))]", "updateIPURI": "[concat(parameters('artifactsBaseURL'),'/update-nic.json')]", "updateIP2URI": "[concat(parameters('artifactsBaseURL'),'/update-nic2.json')]" }, "resources": [ { "apiVersion": "2018-02-01", "name": "pid-2dc4b447-552f-557f-b1cc-2faec6f9f133", "type": "Microsoft.Resources/deployments", "properties":{ "mode": "Incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deplymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [] } } }, { "type": "Microsoft.Compute/availabilitySets", "name": "[variables('compute_AvailabilitySet_FG_Name')]", "apiVersion": "2017-03-30", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "location": "[parameters('location')]", "properties": { "platformFaultDomainCount": 2, "platformUpdateDomainCount": 2 }, "sku": { "name": "Aligned" } }, { "type": "Microsoft.Network/routeTables", "name": "[variables('routeTableName')]", "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "location": "[parameters('location')]", "properties": { "routes": [ { "name": "toDefault", "properties": { "addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance", "nextHopIPAddress": "[variables('subnet2KnownIP')]" } } ] } }, { "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2017-09-01", "name": "[parameters('vnetName')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]" ], "properties": { "addressSpace": { "addressPrefixes": [ "[parameters('vnetAddressPrefix')]" ] }, "subnets": [ { "name": "[parameters('Subnet1Name')]", "properties": { "addressPrefix": "[parameters('Subnet1Prefix')]" } }, { "name": "[parameters('Subnet2Name')]", "properties": { "addressPrefix": "[parameters('Subnet2Prefix')]" } }, { "name": "[parameters('Subnet3Name')]", "properties": { "addressPrefix": "[parameters('Subnet3Prefix')]" } }, { "name": "[parameters('Subnet4Name')]", "properties": { "addressPrefix": "[parameters('Subnet4Prefix')]" } }, { "name": "[parameters('Subnet5Name')]", "properties": { "addressPrefix": "[parameters('Subnet5Prefix')]", "routeTable": { "id": "[variables('routeTableId')]" } } } ] } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('NSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "AllowAllInbound", "properties": { "description": "Allow all in", "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } }, { "name": "AllowAllOutbound", "properties": { "description": "Allow all out", "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 105, "direction": "Outbound" } } ] } }, { "condition": "[equals(parameters('publicIPNewOrExisting'), 'new')]", "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "name": "[parameters('publicIPAddressName')]", "location": "[parameters('location')]", "sku": { "name": "Standard" }, "properties": { "publicIPAllocationMethod": "[parameters('publicIPAddressType')]" } }, { "condition": "[equals(parameters('publicIP2NewOrExisting'), 'new')]", "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "name": "[parameters('publicIPAddress2Name')]", "location": "[parameters('location')]", "sku": { "name": "Standard" }, "properties": { "publicIPAllocationMethod": "[parameters('publicIPAddressType')]" } }, { "condition": "[equals(parameters('publicIP3NewOrExisting'), 'new')]", "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "name": "[parameters('publicIPAddress3Name')]", "location": "[parameters('location')]", "sku": { "name": "Standard" }, "properties": { "publicIPAllocationMethod": "[parameters('publicIPAddressType')]" } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg11_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]", "[variables('NSGName')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet1Ref')]" } } } ], "enableIPForwarding": true, "networkSecurityGroup": { "id": "[resourceID('Microsoft.Network/networkSecurityGroups/',variables('NSGName'))]" } } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg21_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[variables('network_NIC_fg11_Name')]", "[parameters('vnetName')]", "[variables('NSGName')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet1Ref')]" } } } ], "enableIPForwarding": true, "networkSecurityGroup": { "id": "[resourceID('Microsoft.Network/networkSecurityGroups/',variables('NSGName'))]" } } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg12_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Static", "privateIPAddress": "[variables('subnet2KnownIP')]", "subnet": { "id": "[variables('subnet2Ref')]" } } } ], "enableIPForwarding": true } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg22_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]", "[variables('network_NIC_fg12_Name')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet2Ref')]" } } } ], "enableIPForwarding": true } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg13_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet3Ref')]" } } } ], "enableIPForwarding": true } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg23_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]", "[variables('network_NIC_fg13_Name')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet3Ref')]" } } } ], "enableIPForwarding": true } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg14_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet4Ref')]" } } } ], "enableIPForwarding": true } }, { "apiVersion": "2017-09-01", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "type": "Microsoft.Network/networkInterfaces", "name": "[variables('network_NIC_fg24_Name')]", "location": "[parameters('location')]", "dependsOn": [ "[parameters('vnetName')]", "[variables('network_NIC_fg14_Name')]" ], "properties": { "ipConfigurations": [ { "name": "ipconfig1", "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { "id": "[variables('subnet4Ref')]" } } } ], "enableIPForwarding": true } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC11", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg11_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIPURI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg11_Name')]" }, "SubnetRef": { "value": "[variables('subnet1Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg11_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "publicIp": { "value": "[variables('publicIPID')]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC21", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg21_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIP2URI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg21_Name')]" }, "SubnetRef": { "value": "[variables('subnet1Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg21_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC12", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg12_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIP2URI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg12_Name')]" }, "SubnetRef": { "value": "[variables('subnet2Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg12_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC22", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg22_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIP2URI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg22_Name')]" }, "SubnetRef": { "value": "[variables('subnet2Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg22_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC13", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg13_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIP2URI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg13_Name')]" }, "SubnetRef": { "value": "[variables('subnet3Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg13_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC23", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg23_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIP2URI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg23_Name')]" }, "SubnetRef": { "value": "[variables('subnet3Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg23_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC14", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg14_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIPURI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg14_Name')]" }, "SubnetRef": { "value": "[variables('subnet4Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg14_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "publicIp": { "value": "[variables('publicIP2ID')]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Resources/deployments", "name": "UpdateNIC24", "apiVersion": "2015-01-01", "dependsOn": [ "[variables('network_NIC_fg24_Name')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('updateIPURI')]", "contentVersion": "1.0.0.0" }, "parameters": { "nicName": { "value": "[variables('network_NIC_fg24_Name')]" }, "SubnetRef": { "value": "[variables('subnet4Ref')]" }, "privateIp": { "value": "[reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg24_Name'))).ipConfigurations[0].properties.privateIPAddress]" }, "publicIp": { "value": "[variables('publicIP3ID')]" }, "FortinetTags": { "value": "[parameters('FortinetTags')]" }, "NSGName": { "value": "[variables('NSGName')]" } } } }, { "type": "Microsoft.Compute/virtualMachines", "name": "[variables('compute_VM_fg1_Name')]", "apiVersion": "2017-03-30", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "location": "[parameters('location')]", "plan": { "name": "[parameters('FortiGateImageSKU')]", "publisher": "fortinet", "product": "fortinet_fortigate-vm_v5" }, "dependsOn": [ "UpdateNIC11", "UpdateNIC12", "UpdateNIC13", "UpdateNIC14" ], "properties": { "hardwareProfile": { "vmSize": "[parameters('instanceType')]" }, "availabilitySet": { "id": "[variables('compute_AvailabilitySet_FG_Id')]" }, "osProfile": { "computerName": "[variables('compute_VM_fg1_Name')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", "customData": "[base64(concat('config system global\n set admin-sport 8443\n end\n config router static\n edit 1\n set gateway ', variables('sn1GatewayIP'), '\n set device port1\n next\n edit 2\n set dst ', parameters('vnetAddressPrefix'), '\n set gateway ', variables('sn2GatewayIP'), '\n set device port2\n next\n edit 3\nset dst 168.63.129.16 255.255.255.255\nset device port2\n set gateway ', variables ('sn2GatewayIP'), '\n next\nedit 4\nset dst 168.63.129.16 255.255.255.255\nset device port1\n set gateway ', variables ('sn1GatewayIP'), '\n next\n end\n config system interface\n edit port1\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg11_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn1CIDRmask'), '\n set description external\n next\n edit port2\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg12_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn2CIDRmask'), '\n set description internal\n next\n edit port3\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg13_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn3CIDRmask'), '\n set description hasyncport\n next\n edit port4\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg14_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn4CIDRmask'), '\n set description management\n set allowaccess ping https ssh ftm\n next\n end\n config system ha\n set group-name AzureHA\n set mode a-p\n set hbdev port3 100\n set session-pickup enable\n set session-pickup-connectionless enable\n set ha-mgmt-status enable\n config ha-mgmt-interfaces\n edit 1\n set interface port4\n set gateway ', variables('sn4GatewayIP'),'\n next\n end\n set override disable\n set priority 255\n set unicast-hb enable\n set unicast-hb-peerip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg23_Name'))).ipConfigurations[0].properties.privateIPAddress, '\n end'))]" }, "storageProfile": { "imageReference": { "publisher": "fortinet", "offer": "fortinet_fortigate-vm_v5", "sku": "[parameters('FortiGateImageSKU')]", "version": "[parameters('FortiGateVersion')]" }, "osDisk": { "createOption": "FromImage" }, "dataDisks": [ { "diskSizeGB": 30, "lun": 0, "createOption": "Empty" } ] }, "networkProfile": { "networkInterfaces": [ { "properties": { "primary": true }, "id": "[variables('network_NIC_fg11_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg12_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg13_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg14_Id')]" } ] } } }, { "type": "Microsoft.Compute/virtualMachines", "name": "[variables('compute_VM_fg2_Name')]", "apiVersion": "2017-03-30", "tags": { "provider": "[toUpper(parameters('FortinetTags').provider)]" }, "location": "[parameters('location')]", "plan": { "name": "[parameters('FortiGateImageSKU')]", "publisher": "fortinet", "product": "fortinet_fortigate-vm_v5" }, "dependsOn": [ "UpdateNIC21", "UpdateNIC22", "UpdateNIC23", "UpdateNIC24" ], "properties": { "hardwareProfile": { "vmSize": "[parameters('instanceType')]" }, "availabilitySet": { "id": "[variables('compute_AvailabilitySet_FG_Id')]" }, "osProfile": { "computerName": "[variables('compute_VM_fg2_Name')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", "customData": "[base64(concat('config system global\n set admin-sport 8443\n end\n config router static\n edit 1\n set gateway ', variables('sn1GatewayIP'), '\n set device port1\n next\n edit 2\n set dst ', parameters('vnetAddressPrefix'), '\n set gateway ', variables('sn2GatewayIP'), '\n set device port2\n next\n edit 3\nset dst 168.63.129.16 255.255.255.255\nset device port2\n set gateway ', variables ('sn2GatewayIP'), '\n next\nedit 4\nset dst 168.63.129.16 255.255.255.255\nset device port1\n set gateway ', variables ('sn1GatewayIP'), '\n next\n end\n config system interface\n edit port1\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg21_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn1CIDRmask'), '\n set description external\n next\n edit port2\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg22_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn2CIDRmask'), '\n set description internal\n next\n edit port3\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg23_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn3CIDRmask'), '\n set description hasyncport\n next\n edit port4\n set mode static\n set ip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg24_Name'))).ipConfigurations[0].properties.privateIPAddress, '/', variables('sn4CIDRmask'), '\n set description management\n set allowaccess ping https ssh ftm\n next\n end\n config system ha\n set group-name AzureHA\n set mode a-p\n set hbdev port3 100\n set session-pickup enable\n set session-pickup-connectionless enable\n set ha-mgmt-status enable\n config ha-mgmt-interfaces\n edit 1\n set interface port4\n set gateway ', variables('sn4GatewayIP'),'\n next\n end\n set override disable\n set priority 1\n set unicast-hb enable\n set unicast-hb-peerip ', reference(concat('Microsoft.Network/networkInterfaces/', variables('network_NIC_fg13_Name'))).ipConfigurations[0].properties.privateIPAddress, '\n end'))]" }, "storageProfile": { "imageReference": { "publisher": "fortinet", "offer": "fortinet_fortigate-vm_v5", "sku": "[parameters('FortiGateImageSKU')]", "version": "[parameters('FortiGateVersion')]" }, "osDisk": { "createOption": "FromImage" }, "dataDisks": [ { "diskSizeGB": 30, "lun": 0, "createOption": "Empty" } ] }, "networkProfile": { "networkInterfaces": [ { "properties": { "primary": true }, "id": "[variables('network_NIC_fg21_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg22_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg23_Id')]" }, { "properties": { "primary": false }, "id": "[variables('network_NIC_fg24_Id')]" } ] } } } ] }