Deploying a NGFW Virtual Appliance

Akins IT • November 1, 2019
Connect with us

SECURING YOUR AZURE VIRTUAL NETWORK WITH A NG FIREWALL


PART 3: DEPLOYING A NGFW VIRTUAL APPLIANCE


Before virtual security appliances were available in the Azure Marketplace, securing your Azure environment required the use of NSG’s (Network Security Group). NSG’s use the source and destination address and/or port methodology which doesn’t provide application layer visibility and logic. It can also become overly complex to implement and troubleshoot as the environment increases in scale.

With a virtual NGFW security appliance, securing your Azure perimeter feels familiar to that of an on-prem appliance. Offerings are also available through many of the major vendors, which can be deployed using templates available in the Azure marketplace. FortiGate for example can be deployed in a single or HA load balanced configuration and allows for a PAYG (pay as you go) or BYOL (bring your own license) option.


When deploying the virtual appliance, you’ll be required to select which VNET (virtual network) the appliance will associate with. From here, an outside and inside transport subnet will need to be selected from the chosen VNET. The outside subnet will be used for the appliances WAN interface, and inside for the LAN. This will be handed out dynamically by default but can be changed to a static IP configuration later if needed. It’s worth noting that both outside and inside interfaces will be assigned a private IP within their respective IP range. This is due to the fact that the public IP assigned by Azure does not get applied directly to the NGFW, but rather NAT’d 1:1 between the public IP and its outside interface IP.


After the virtual appliance successfully deploys, access will usually be enabled to the public IP by default. If using a FortiGate virtual appliance, management access via the public IP on 443 will be available. Once inside the NGFW management console, basic firewall forwarding rules can be configured for LAN to Internet connectivity.


INTERESTED IN VIEWING THE WEBINAR VIDEO ABOUT DEPLOYING A NG FIREWALL VIRTUAL APPLIANCE? FILL OUT THE FORM.

Palisades Fire Recovery: How AkinsIT Reconnected a Displaced School in 3 Weeks

By Shawn Akins September 12, 2025
After the Palisades fire destroyed its core network infrastructure, Palisades Charter High School partnered with AkinsIT for an emergency rebuild. In just 21 days, AkinsIT deployed a secure, scalable network in a temporary Sears building — restoring connectivity for displaced students and staff under extreme pressure.

9 IT Security Trends Every Mid‑Sized Business Should Care About

By Shawn Akins September 10, 2025
A CEO’s guide to staying secure in a fast‑changing threat landscape. 

Top 10 Copilot Questions in Teams That Actually Boost Productivity

By Shawn Akins August 21, 2025
Discover 10 practical Microsoft Copilot prompts for Teams that help IT leaders boost productivity across education, government, and mid-sized businesses.
More Posts