FortiGate QuickStart Guide

FORTIGATE QUICKSTART GUIDE

FORTIGATE QUICKSTART GUIDE

A starter guide to getting FortiGate up and running on AWS

What is FortiGate Enterprise Firewall for AWS?

The Fortinet FortiGate Enterprise Firewall offers enterprise-class firewall and network protection for your cloud-based applications and infrastructure across a broad spectrum of potential security threats. Empowered by advanced IPC technology, FortiGate helps to protect against known threats and newly emerging threats through anomaly-based detection that identifies attack behavior profiles rather than specific past exploits. FortiGate delivers complete content and network protection, antivirus, application control, web filtering, and VPN along with advanced features such as an extreme threat database, vulnerability management, and flow-based inspection work, all with the scalability and functionality of AWS.

Why FortiGate on AWS?

Built-in AWS firewalls provide a good baseline level of firewall tools, including a web application firewall; however, when your AWS VPCs are interacting with the open Internet, it is essential to augment these baseline firewall features; however, when your AWS VPCs are interacting with the open internet, it is beneficial to augment these baseline tools. FortiGate’s advanced threat detection technology helps to identify threats before they are widely known and recognized. The easy-to-use and streamlined FortiGate user interface allows quicker setup with more granular control than many standard web application firewalls. Configuring multiple high-availability options is relatively straightforward. FortiGate provides next-generation firewall functionality, securing the virtual infrastructure while also providing VPN and Internet gateway protection.

2

FORTIGATE QUICKSTART GUIDE

Here are step-by-step instructions to get FortiGate up and running on AWS:

1. Log in to AWS and go to VPC to create a new VPC.

3

FORTIGATE QUICKSTART GUIDE

2. Go to Subnets and create new two subnets: public and private as shown.

4

FORTIGATE QUICKSTART GUIDE

3. Log in to AWS and click “Launch Instance.”

4. From the left column, select AWS Marketplace and search for “FortiGate,” then select “Fortinet FortiGate-VM (BYOL).”

5. Choose an Instance Type and click Review and Launch.

5

FORTIGATE QUICKSTART GUIDE

6. Select Configure Instance and configure VPC and Subnets.

7. Go to Review and Launch and select Launch.

6

FORTIGATE QUICKSTART GUIDE

8. Select an existing key pair or create a new key pair and confirm check box and click Launch Instances.

9. Rename Instance.

7

FORTIGATE QUICKSTART GUIDE

10. Go to Elastic IPs and add Associate Address for 10.0.0.5.

8

FORTIGATE QUICKSTART GUIDE

11. Open VPC menu and select Route Tables. In Routes tab, add value shown.

And in Subnet Associations, select Private subnet.

9

FORTIGATE QUICKSTART GUIDE

12. In EC2, click in menu Network Interfaces and select Change Source/Dest. Check.

10

FORTIGATE QUICKSTART GUIDE

13. Open HTTPS session with public DNS address.

To hostname, add:

https://xxxx.eu-central-1.compute.amazonaws.com

14. Log in using the following details:

Login: admin

Password: It is your Instance-ID

15. License.

11

FORTIGATE QUICKSTART GUIDE

16. Go to Fortinet portal and download your license. After login, click Manage Products and click the product FortiGate.

Click: License File Download

17. Upload license.

18. Wait for the VM to restart, and reopen the site.

12

FORTIGATE QUICKSTART GUIDE

19. Overview portal.

13

FORTIGATE QUICKSTART GUIDE

20. Go to Network -> Interfaces.

14

FORTIGATE QUICKSTART GUIDE

15

FORTIGATE QUICKSTART GUIDE

21. Set up VM – go to EC2 and click Launch Instance – select Windows Server 2012r2.

22. Select type.

23. Put Network and Subnet for FortiGate.

16

FORTIGATE QUICKSTART GUIDE

24. Select security group for FortiGate.

25. Launch Instances.

17

FORTIGATE QUICKSTART GUIDE

26. Open the FortiGate portal and Configure Policies as shown below. Under Policy & Objects select IPv4 Policy and click Create.

18

FORTIGATE QUICKSTART GUIDE

27. For the second Policy, we will need to create a Virtual IP. As follows

19

FORTIGATE QUICKSTART GUIDE

28. Use this Virtual IP and create the second Policy.

20

FORTIGATE QUICKSTART GUIDE

29. On EC2 Dashboard, edit the FortiGate Security Group to allow RDP.

30. Log in to the Test VM through the FortiGate.

21

Support

For more use cases on Fortinet products and support, please visit www.fortinet.com/aws and Fortinet cloud security solution.

v1.0 07.22.16

Copyright © 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.

www.fortinet.com

FORTIGATE QUICKSTART GUIDE