October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 1

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Customer Management Instructions: Fortinet FortiGate-VM Virtual Security This guide is designed to help you understand the steps to launch your Fortinet FortiGate-VM Virtual Security application (Fortinet FortiGate-VM).

AT&T Recommends

• Network administrators have a working knowledge of Fortinet FortiGate-VM policy administration.

• Network administrators must thoroughly review the Fortinet FortiGate-VM documentation and be familiar with the configuration options and details.

While AT&T is always available to assist, you are ultimately responsible for the configuration, administration, and policies on your FortiGate-VM Virtual Security application.

Service Launch Requirements

Begin by reviewing the FortiGate-VM Virtual Security documentation available on the Fortinet website. This documentation provides detailed information on all aspects of Fortinet FortiGate firewall administration. You can find the documentation here:

http://docs.fortinet.com/fortigate/admin-guides

NOTE: Information on the Fortinet website is maintained by Fortinet, which is solely responsible for the accuracy of the available documentation.

Specific software versions can be selected at the top of the webpage. Some guides may be only listed under major release if there are no changes. Version 5.6 should be selected if guide is not found under more specific releases.

Figure 1: The FortiGate Document Library landing page

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 2

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Verify Configuration Settings and Policies In the Fortinet FortiGate-VM GUI

NOTE: An AT&T Technician will be online with you to verify these settings as part of the Test and Turn Up (TTU) process.

The Fortinet FortiGate-VM GUI is accessed using a connected web browser. In your browser’s address bar, type:

https:/[yourmgmt_ip]/login

Replace [yourmgmt_ip] in the URL with the actual management IP you provided to the AT&T Lead Engineer during the initial data gathering consultation for your service.

The next steps are:

• Change your admin password

• Verify all ordered features are correctly licensed

• Enable the installed default policy

• Optionally, create a custom policy

Changing Your Admin Password

Your assigned AT&T Technician will supply a temporary admin password for initial access to the Fortinet FortiGate-VM GUI. This password should be changed immediately after accessing the GUI for the first time.

1. After logging in with your supplied credentials, navigate to System>Admin>Administrators.

2. Click on Change Password.

3. Type the old password, type a new password, and click OK.

4. You will be logged out of Fortinet FortiGate-VM GUI and a login prompt will appear for you to log back in.

Verifying Licensed Features

Verify that the Fortinet FortiGate-VM is licensed and UTM (unified threat management) features are active.

1. In the Fortinet FortiGate-VM GUI, navigate to Dashboard>Status.

2. Verify the License entry is listed as Valid.

Figure 2: Visual indication on the Fortinet Dashboard of the VM license status

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 3

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

3. Confirm that all ordered features have active licenses.

Figure 3: Visual indication on the Fortinet Dashboard of the ordered feature license statuses

Note: Notify your AT&T technician if you find features that are licensed incorrectly.

Enable the Default Policy

A default policy is installed that will allow http/https access and DNS (domain name service) queries to the Internet. Prior to enabling this policy, general Internet access through the Fortinet FortiGate-VM will be denied.

In the Fortinet FortiGate-VM GUI, navigate to System>Policy & Objects>Policy>IPv4.

Figure 4: The FortiGate GUI, illustrating how to enable the default policy

Highlight Policy 1, right-click to open the pop-up menu, and click Enable.

From a browser, visit a few websites to verify proper operation. After these steps the Fortinet FortiGate-VM is operational. More restrictive alternate policies may be created to further secure your system if desired.

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 4

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Additional Configuration Guidelines

• Regularly backup your vFirewall configuration. AT&T does not have access to your configuration and cannot perform standard backups of your vFirewall.

• Take care not to lose your admin password. AT&T does not have the ability to reset the admin password.

• If you need to add, remove, or change WAN IP addresses or VLANs on your vFirewall, file an AT&T change order MACD first. Changes must be made to the AT&T FlexWare Device to support these changes. MACD orders are required for any change in your layer-2 topology settings.

• Do not alter RIP (routing information protocol) configuration. This is required for routing between the Fortinet FortiGate-VM and your AT&T managed router.

• NAT (network address translation) is enabled and uses egress interface toward the internet. NAT is required for Internet connectivity.

• Rebooting your vFirewall is fine, but avoid hard shutdowns. If a hard shutdown of your vFirewall occurs, file a support ticket to have the vFirewall brought up manually by AT&T.

• Be careful not to make configuration changes that may lock you out of your vFirewall. AT&T can restore the Fortinet FortiGate-VM to its original configuration, but only if you have not changed the default administrator password.

• AT&T can upgrade your vFirewall to the latest supported firmware version upon request via the support process. Do not upgrade/downgrade the firmware to a version not currently supported for the AT&T FlexWare Device.

General Customer Responsibilities:

• Fortinet FortiGate-VM Configuration and Policy Management: You will have access to the vFirewall through a WAN and LAN IP address when the vFirewall is turned-up. You can configure your vFirewall using the same way you would configure a physical Fortinet firewall. You may manage your vFirewall using FortinManager or through the vFirewall’s GUI or CLI.

• vFirewall Monitoring and Reporting: As a network administrator, you responsible for any Fortinet FortiGate-VM-specific health monitoring. The FortiGate user interface provides dashboard with statistics, and SNMP (simple network management protocol)/system logs (SYSLOG) monitoring can be setup to monitor your network management infrastructure.

Reports can be accessed through the FortiGate Web UI. Log events can be forwarded to customer provided SIM (service implementation manager) or to your organization’s instance of FortiAnalyzer.

• vFirewall Backup and Firmware Upgrades: As a network administrator, you are responsible for maintaining a backup of your vFirewall configuration. You are also responsible for scheduling firmware upgrades, but you must contact AT&T prior to any firmware upgrade to confirm the upgrade version is supported by the AT&T FlexWare Device offer.

• Ensure connectivity to FortiGuard for license and UTM feature updates. These updates are automatically downloaded in real-time from the Fortinet FortiGate FortiGuard service over

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 5

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

the Internet. AT&T will verify that updates are working during turn-up as part of initial licensing and provisioning, but you should periodically check whether updates are working

AT&T Responsibilities:

• Initial Installation, Configuration, and Licensing of the vFirewall. AT&T will provision the Fortinet FortiGate-VM with the configuration you specified during your consultation sessions with your assigned AT&T Lead Engineer.

AT&T will do the networking and router configuration on the FlexWare Device to put the Fortinet FortiGate-VM in line of appropriate traffic on the FlexWare Device.

AT&T will handle the Fortinet FortiGate-VM licensing and provide a serial number to you in case direct support is needed from Fortinet.

• Monitoring of the AT&T FlexWare Device. The state of the vFirewall VM (virtual machine) will only be monitored for up/down status. AT&T will confirm that VM is in an up status at all times and restart, if necessary. AT&T operations team can restart the vFirewall in consultation with you, if necessary.

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 6

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

How to Get Support

Support tickets are created with Fortinet either through the Fortinet Support web portal or over the phone.

Before seeking support from Fortinet, you must create and register your Fortinet support account. If you have any issues with this process, please contact AT&T’s Global Customer Support Center at 1-844-736-3843.

Creating a Fortinet Support Ticket Online

To get started, on the Fortinet support home page, click “Create a Ticket.”

Click “Technical Support Ticket.”

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 7

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

A registered serial number is required in order to directly request a ticket with Fortinet. The serial number must correspond to the product that Fortinet will be troubleshooting for the reported defect.

After typing the first 3 characters of the serial number, the system will propose a list of serial number from your own registered products, if any. You can also access a complete list of serial numbers registered to your account under the “Asset” drop down. Select the “Manage/View Products” option for the list.

Enter or select a serial number, then click “Submit Ticket”.

Accurate contact information will allow the Fortinet Technical Support team to contact you. The fields are pre-filled with your profile information. Verify the information is correct

NOTE: Don’t forget to indicate the country code when typing the Telephone and Mobile phone information.

Describe your problem. Click next after selecting/filling in the appropriate information.

1. Serial number

2. Contact information

3. Problem description

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 8

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Field Notes

Title Type a a very brief description of your request.

Product Type This field is auto-detected from the serial number.

Category From the drop-down list, select the feature or software component that is related to your request.

S/W Version

Patch

Ticket Priority The Ticket Priority determines initial response, reporting interval and notification schedule. Select your ticket severity based on the table below. In the case of P1 or P2 requests, continue with the ticket creation set as P3 and then telephone your regional Support Center with your ticket number in order to increase the priority.

Fortinet Ticket Priority Definitions

Priority Description

P1 • Catastrophic impact to mission critical functionality.

• Total loss or continuous instabilities of mission critical functionality.

• Critical traffic impact, major loss of connectivity or vital security flaw.

• Creation of a hazard or an emergency. Fortinet comittment: Resources dedicated 24x7 until resolution or

workaround in place. Customer obligation: Designated resources available 24x7 with ability

to provide required information.

P2 • Significant impact to mission critical functionality:

• Serious loss or frequent instabilities of mission critical functionality. Fortinet commitment: Resources dedicated 8x5 until resolution or

workaround in place. Customer obligation: Designated resources available 8x5 with ability to

provide required information.

P3 • Minimal impact to major business operations.

• Occasional or intermittent instabilities of core functions.

• Limited traffic impact, loss of connectivity or security exposure. Fortinet commitment: Resources committed during normal business

hours to provide a resolution or Workaround to restore business operations to acceptable levels.

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 9

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Priority Description

Customer obligation: Resources made available during normal business

hours with ability to provide required information.

P4 • Cases involving minor defects to Product, documentation or service, or information requests, or configuration assistance.

Fortinet commitment: To investigate the issue and to provide feedback

on the expected resolution. Customer obligation: To provide additional qualification information as

requested by Fortinet.

In the Add Comment field, typea detailed description of the problem. In order for Fortinet Technical Support to provide you with the optimum level of service, we request that you provide the following information:

• A problem description

• Relevant background information (Has the configuration worked in the past? Is this a new configuration? Have any changes been made recently to the Fortinet device or application or on the network?)

• A description and the results of your troubleshooting steps

Attach additional documents that could help the Technical Support team address your request. Files that would be particularly useful:

• A network diagram with the IP addressing clearly indicated

• Screenshots

• Configuration file(s)

• Debug log(s)

Once all information has been completed and files have been attached, click Next to create the ticket.

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 10

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

NOTE: More files can also be attached after the ticket is created.

After creating your ticket, a confirmation page will indicate your ticket number. The ticket number (1031759 in the examplebelow) should be referenced when following up with Fortinet.

Creating a Fortinet Support Ticket by Phone

Go to the Fortinet support website and select your country to see the regional support number:

https://www.fortinet.com/support-and-training/support/contact.html

Or select a global support number from below:

• USA +1 408 542 7780

• Canada +1 613 670 8994

• France +33 4 89 87 05 55

• Malaysia +6 032 719 7601.

Be prepared to provide the serial number of the device, an explanation of the issue, and contact information.

If you have any issues with this process, please contact AT&T’s Global Customer Support Center at 1-844-736-3843.

Accessing AT&T Support Resources

You can always access AT&T Support Resources at http://carecentral.att.com/attflexware.

October 25, 2018 © 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 11

AT&T FlexWare Applications: Customer Management Instructions Fortinet FortiGate-VM Virtual Security

Figure 5: Image showing the landing page of the AT&T Business Care Central website.

You will find Customer Care links to your support overview and information on how to speak to an AT&T agent.

Additionally, Customer Management Instruction documents like this one are available in the Managing Your Solution section.