How to Access VMs behind Fortigate in Azure Stack?

I already went through setting up Fortigate on Azure Stack – you can read more about it here but the part that is missing is – how to allow access to VMs behind Fortigate in Azure Stack?

We have to do simple port forwarding.


This tutorial is done on Azure Stack v 1.1910.0.58

Fortigate VM (from Azure Marketplace) is v 6.0.3

Fortigate network config:

Internal network is on (assigned to port2 on Fortigate with IP

Outside network is on (assigned to port1 on Fortigate with IP

IP address of the VM I want to access from outside is

Public IP that Azure Stack assigned to Fortigate is

I want to access VM from outside and I want to access it via RDP.


First step would be to define Virtual IP on Fortigate. 

Policy & Objects | Virtual IPs | + Create New | Virtual IP

Ok, here is a little explanation of the New Virtual IP screen. Name and Color is up to you, interface should be your Outside interface (WAN), in my case it is port1. External IP Address – it is not public IP Azure assigned to your Fortigate, it is IP address of the Outside interface of your Fortigate installation. It is defined under Network | Interfaces – in my case it is on port1 with IP address

Mapped IP is the IP on the internal network you wish to access. My VM is on IP Finally – enable Port Forwarding and define port you wish to forward. I want RDP so for me both external service port and map to port is 3389. OK

Here is what created Virtual IP looks like.

Next step

Policy & Objects | IPv4 Policy | + Create New

So, here is how my policy looks like. Name – again, up to you. Incoming Interface should be your Outside (WAN) interface – port1 in my case. Outgoing interface shoud be your inside (LAN) interface. Source – we can select all, and Destination, we will select created Virtual IP – in my case it is under RDPInbound name. We wish this rule to be accessible always and service we want to let through is RDP. Action is Accept and NAT is ON!!! 

Leave everything else as default or configure to your liking – confirm with OK

This is how created rule will look like.

Now, to the test. I created RDP connection on my machine with port 3389 and external IP that Azure assigned to my Fortigate installation –

We will now try and connect

Success! It works.

That is it.

In case this doesn’t work for you, check out once again your Fortigate configuration and Routes part on your Azure Stack.