Step 6.0 – FortiGate Configuration
While the Windows VM is being provisioned you can finish the FortiGate configuration.
Step 6.1 – Update FortiGate Password
Update the FortiGate password as there are many bots that attempt to log in to newly provisioned devices on AWS subnets.
Figure 30
Step 6.2 – Confirm network settings
Set the port2 interface IP address settings (private subnet)
Step 6.3 – Setup basic policies
For this example we are going to create the following policies. (Samples below)
- NAT & allow outbound access
  - (Optional) You can apply any additional policies if you want to demonstrate features such as Web-filtering, DLP, etc.
- Port forwarding port 3389 to the Windows server
- Any required logging for troubleshooting
The VIP is defined first because policy 2 references it as its destination address.

config firewall vip
    edit "Windows-RDP"
        set extintf "port1"
        set portforward enable
        set mappedip 10.0.1.25
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set av-profile "default"
        set ips-sensor "default"
        set profile-protocol-options "default"
        set nat enable
    next
    edit 2
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "Windows-RDP"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set av-profile "AV-flow"
        set ips-sensor "default"
        set profile-protocol-options "default"
    next
end
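A quick audit of the sample configuration above, as an added example (not part of the original guide or any Fortinet tooling): it parses the policy and VIP tables and lists accept policies that forward port 3389 from the public interface with srcaddr "all", which is the exposure the password note in Step 6.1 is concerned with. The function names and the trimmed SAMPLE text are assumptions made for this illustration.

```python
import shlex

# Constructed sample: the VIP and both policies from this guide, trimmed to
# the fields the check reads, with straight quotes as the FortiOS CLI expects.
SAMPLE = '''
config firewall vip
    edit "Windows-RDP"
        set extintf "port1"
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
    edit 2
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "Windows-RDP"
        set action accept
    next
end
'''

def parse_tables(text):
    """Return {table: {entry: {key: [values]}}} for one-level config/edit/set blocks."""
    tables, table, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]   # blank lines match no keyword
        if tok[0] == "config":
            table = tables.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and table is not None:
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return tables

def open_rdp_forwards(text, wan="port1"):
    """IDs of accept policies from `wan`, srcaddr "all", whose dstaddr is a VIP mapped to 3389."""
    t = parse_tables(text)
    vips = {n for n, v in t.get("firewall vip", {}).items() if v.get("mappedport") == ["3389"]}
    return [pid for pid, p in t.get("firewall policy", {}).items()
            if p.get("srcintf") == [wan] and p.get("action") == ["accept"]
            and "all" in p.get("srcaddr", []) and vips & set(p.get("dstaddr", []))]

print(open_rdp_forwards(SAMPLE))  # policy IDs to review
```

Policy 2 is reported until its srcaddr is changed from "all" to a specific address object; the check only matches a single mapped port, not port ranges.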