Deploy active/active FortiGate NGFW in Azure

10th of April, 2018 / AJ Bajada / 22 Comments

I recently was tasked with deploying two Fortinet FortiGate firewalls in Azure in a highly available active/active model. I quickly discovered that there is currently only two deployment types available in the Azure marketplace, a single VM deployment and a high availability deployment (which is an active/passive model and wasn’t what I was after).
FG NGFW Marketplace Options
I did some digging around on the Fortinet support sites and discovered that to you can achieve an active/active model in Azure using dual load balancers (a public and internal Azure load balancer) as indicated in this Fortinet document: https://www.fortinet.com/content/dam/fortinet/assets/deployment-guides/dg-fortigate-high-availability-azure.pdf… [Keep reading] “Deploy active/active FortiGate NGFW in Azure”

VPC ( Virtual Private Cloud) Configuration

15th of May, 2017 / Syed Naqvi / No Comments

Introduction

This blog is Part 01 of a 02 part series related to custom VPC configurations
Part 01 discusses the following scenario

Creating a VPC with 02 subnets ( Public and Private )
Creating a bastion host server in the public subnet
Allowing the Bastion host to connect to the servers in the Private Subnet using RDP.

Part 02 will discuss the following

Configuring NAT Instances
Configuring VPC Peering
Configuring VPC flow Logs.

What is a VPC

VPC can be described as a logical Datacenter where AWS resources can be deployed.… [Keep reading] “VPC ( Virtual Private Cloud) Configuration”

Secure Azure Virtual Network Defense In Depth using Network Security Groups, User Defined Routes and Barracuda NG Firewall

25th of August, 2015 / Andreas Wasita / 3 Comments

Security Challenge on Azure

There are few common security related questions when we start planning migration to Azure:

How can we restrict the ingress and egress traffic on Azure ?
How can we route the traffic on Azure ?
Can we have Firewall kit, Intrusion Prevention System (IPS), Network Access Control, Application Control and Anti – Malware on Azure DMZ ?

This blog post intention is to answer above questions using following Azure features combined with Security Virtual Appliance available on Azure Marketplace:

Azure Virtual Network (VNET)
Azure Network Security Groups (NSGs)
Azure Network Security Rule
Azure Forced Tunelling
Azure Route Table
Azure IP Forwarding
Barracuda NG Firewall available on Azure Marketplace

One of the most common methods of attack is The Script Kiddie / Skiddie / Script Bunny / Script Kitty.… [Keep reading] “Secure Azure Virtual Network Defense In Depth using Network Security Groups, User Defined Routes and Barracuda NG Firewall”

Azure ExpressRoute in Australia via Equinix Cloud Exchange

1st of July, 2015 / Andreas Wasita / 4 Comments

Microsoft Azure ExpressRoute provides dedicated, private circuits between your WAN or datacentre and private networks you build in the Microsoft Azure public cloud. There are two types of ExpressRoute connections – Network (NSP) based and Exchange (IXP) based with each allowing us to extend our infrastructure by providing connectivity that is:

Private: the circuit is isolated using industry-standard VLANs – the traffic never traverses the public Internet when connecting to Azure VNETs and, when using the public peer, even Azure services with public endpoints such as Storage and Azure SQL Database.

… [Keep reading]

Reachability.Net: A unified API for reachability (network connectivity) on Xamarin Android and iOS

4th of May, 2015 / Has AlTaiar / No Comments

Do you need to check for an active internet connection in your mobile app? Don’t we all do it often and on many platforms (and for almost all apps)? I found myself implementing it on iOS and Android and then pulling my implementation to almost all the mobile apps that I write. This is not efficient, and can be done better, right? 🙂

As a result I have created a library called Reachabiliy.Net which can be found as a nuget package for everything related to network connectivity.… [Keep reading] “Reachability.Net: A unified API for reachability (network connectivity) on Xamarin Android and iOS”

Static DIP Request, VIP Reservation on Microsoft Azure

18th of July, 2014 / Andreas Wasita / No Comments

Firstly, what is Azure VIP (Virtual IP address) and DIP (internal IP address assigned by Azure DHCP) on Microsoft Azure?

Microsoft Azure VM has two known IP addresses:

VIP: Public IP address pointing to Azure Cloud Service where VM is deployed. Every Cloud Service has a VIP and every Cloud Service can have several VMs. A VIP assigned to Cloud Service won’t be released until last VM on that Cloud Service is Stopped (De-allocated)
or Deleted
DIP: Internal IP address assigned to the VM by Azure DHCP.

… [Keep reading]

Microsoft Azure Cross Platform Command Line Step by Step

24th of June, 2014 / Andreas Wasita / No Comments

Microsoft Azure is not just about Windows, Microsoft Azure also supports Linux workloads. Spinning up Linux VMs in Microsoft’s fabric offers alternative options for open-source technologies with Microsoft Azure services.

Microsoft also provides Azure Cross-Platform Command-Line Interface (X-Plat CLI) which is a set of Open-Source, Cross-Platform commands for managing Microsoft Azure platform. X-Plat CLI has few top-level commands which correspond to different set of Microsoft Azure features. Typing “azure” will list each of the sub commands.… [Keep reading] “Microsoft Azure Cross Platform Command Line Step by Step”