I would like to share with you this mini guide that I created for my own purpose: to permanently block unwanted and malicious attempts to connect to our SSL VPN.
Through "Automation" I created a Stitch that gets logs of failed attempts to access the SSL VPN and creates an IP Address Group that is then invoked by a Local Policy that denies connections to the SSL VPN.
This system blocks the source IP on the first attempt, and here lay the problem for known users who might run into this automation.
I created a second Stitch that invokes a Trigger with a Filter Field on the "known" username; this creates another IP Address Group that is then invoked by a Local Policy that allows traffic.
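To make the two-stitch logic concrete, here is an added example (not part of the original post and not FortiGate code) that replays the same decisions over constructed FortiOS-style event log lines in Python: every failed SSL VPN login puts the source address into a deny group, a failed login carrying a known username puts the same address into an allow group, and the allow group is consulted first, which is the assumed order of the two local-in policies. The log lines, usernames and addresses are all made up; the field names `action`, `user` and `remip` follow the FortiGate VPN event-log layout.

```python
import re

# Constructed sample lines in the FortiOS key=value event-log style.
# Field names follow FortiGate VPN event logs; users and addresses are invented.
SAMPLE_LOGS = [
    'date=2024-01-10 time=08:01:12 type="event" subtype="vpn" action="ssl-login-fail" user="admin" remip=198.51.100.7 msg="SSL user failed to logged in"',
    'date=2024-01-10 time=08:01:13 type="event" subtype="vpn" action="ssl-login-fail" user="root" remip=198.51.100.7 msg="SSL user failed to logged in"',
    'date=2024-01-10 time=08:02:40 type="event" subtype="vpn" action="ssl-login-fail" user="jdoe" remip=203.0.113.10 msg="SSL user failed to logged in"',
    'date=2024-01-10 time=08:02:55 type="event" subtype="vpn" action="tunnel-up" user="jdoe" remip=203.0.113.10 msg="SSL tunnel established"',
    'date=2024-01-10 time=08:03:01 type="event" subtype="vpn" action="ssl-login-fail" user="test" remip=192.0.2.25 msg="SSL user failed to logged in"',
]

# Assumed list of legitimate VPN usernames (the "known" users of the second stitch).
KNOWN_USERS = {"jdoe", "asmith"}

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_log_line(line):
    """Turn one FortiOS key=value log line into a dict of field -> value."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def build_address_groups(lines, known_users):
    """Mirror the two stitches.

    Stitch 1: any SSL VPN login failure adds the source IP to the deny group.
    Stitch 2: a login failure whose username is in known_users adds the same
              source IP to the allow group (trigger filtered on the user field).
    """
    deny, allow = set(), set()
    for line in lines:
        ev = parse_log_line(line)
        if ev.get("subtype") != "vpn" or ev.get("action") != "ssl-login-fail":
            continue
        src = ev.get("remip")
        if not src:
            continue
        deny.add(src)
        if ev.get("user") in known_users:
            allow.add(src)
    return deny, allow


def is_blocked(src, deny, allow):
    """Evaluate the two local-in policies in order: the allow policy sits above
    the deny policy, so an address present in both groups is still admitted.
    That ordering is what rescues a known user who mistypes a password."""
    if src in allow:
        return False
    return src in deny


if __name__ == "__main__":
    deny_grp, allow_grp = build_address_groups(SAMPLE_LOGS, KNOWN_USERS)
    print("deny group :", sorted(deny_grp))
    print("allow group:", sorted(allow_grp))
    for ip in ("198.51.100.7", "203.0.113.10", "192.0.2.25"):
        print(ip, "blocked" if is_blocked(ip, deny_grp, allow_grp) else "allowed")
```

The replay shows the trade-off the post describes: 198.51.100.7 and 192.0.2.25 end up blocked after a single failure, while 203.0.113.10 is exempted because the failure was logged under a known username. The weak spot of keying the allow group on the username alone is that any source that submits a valid username gets the same exemption, so in practice the allow entry is usually narrowed further (expected source ranges, or an expiry on the allow-group members) rather than left permanent.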
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Using this deployment guide, you will learn how to set up and work with the Fortinet FortiGate next-generation firewall product deployed as an Azure Virtual Machine. Additionally, you will configure the FortiGate SSL VPN Microsoft Entra Gallery App to provide VPN authentication through Microsoft Entra ID.
The Fortinet FortiGate next-generation firewall product is available as a virtual machine in Azure infrastructure as a service (IaaS). There are two licensing modes for this virtual machine: pay-as-you-go and bring-your-own-license (BYOL).
If you own a publicly routable domain name for the environment into which the FortiGate VM is being deployed, create a Host (A) record for the VM. This record maps to the preceding public IP address that is statically assigned.
For internal resources to be made available to users, a second Virtual NIC must be added to the FortiGate VM. The Virtual Network in Azure on which the Virtual NIC resides must have a routable connection to those internal resources.
If the deployment uses the bring-your-own-license model, you'll see a prompt to upload a license. Select the license file created earlier, and upload it. Select OK and restart the FortiGate VM.
You might want to configure the FortiGate VM with your own SSL certificate that supports the FQDN you're using. If you have access to an SSL certificate packaged with the private key in PFX format, it can be used for this purpose.
Examine port1 (external interface) and port2 (internal interface) to ensure they are obtaining an IP address from the correct Azure subnet.
a. If either port is not obtaining an IP address from the subnet (via DHCP), right-click the port and select Edit.
b. Next to Addressing Mode, ensure that DHCP is selected.
c. Select OK.
Multi-homed Azure VMs have all network interfaces on the same virtual network (but perhaps separate subnets). This often means that both network interfaces have a connection to the on-premises corporate resources being published via FortiGate. For this reason, it is necessary to create custom route entries that ensure traffic exits from the correct interface when requests for on-premises corporate resources are made.