Amazing, well done putting this together!

very helpful

How about the UDR setup that needs to be done to forward traffic from all protected subnets to the FW and out to the internet? It is difficult to do as there are load balancers involved both internal and external...

Do you recommend this deployment model or HA (active/passive) using the SDN connector and without any Azure LB? Can you also give the reasons for your preferred choice?

I have a issue, with my Fortigates deploy with SDN connector, when I want to do a HA test, reboot the master firewall an them look the traffic in the slave firewall but the Azure UDRs routing tables don't update, in the SDN connector each firewall is well configured. Can you help me?

2:05 what is protected subnet its not clear, we can have VM on internal subnet right? then whats the point of protected subnet? 172.16.137.0/24 is protected subnet what will be default gateway for VM under this? how traffic from outside world reach protected subnet? can anyone please mention the concept of protected subnet, when I deployed FGT in azure as a single VM i had only external and internal subnet , VM's on internal subnet and Route table for internal subnet to go out.

How does this handle IPsec tunnels, would they failover?

We have deployed Active passive using loadbalancer but when failover occur ip address of firewall don't switch and now VIP as well as static routes are getting sync . We are not able to access SSL VPN and IpSec tunnel due to this . Anyone has deployed it

Please also share how UDR will be configured so that all the internet based traffic route towards Fortinet firewall. Also test HA. Secondly, if we want fortinet firewall as a gateway to both internal subnet

how to get license? plz guide. license for training purpose.

i am looking for a video related to azure firewall, can you kindly explain that as well

How can I make a VPN connection using the Public Load Balancers? Azure LB doesn't support ESP packets.

i deployed standalone fortigate on azure everthing was fine i could login to fortigate gave BYOL license, did some setting on firewall and under interfaces wan side interface was set as dhcp i changed it to static and lost connectivity for both GUI and CLI is there a way i could change back from azure portal and get back the connectivity?