Step 6.0 – FortiGate Configuration
While the Windows VM is being provisioned you can finish the FortiGate configuration.
Step 6.1 – Update FortiGate Password
Change the FortiGate admin password immediately: bots continuously attempt to log in to newly provisioned devices exposed on AWS subnets, so do this before anything else.
Figure 30
Step 6.2 – Confirm network settings
Set the port2 interface IP address settings (private subnet)
Step 6.3 – Set up basic policies
For this example we are going to create the following policies (samples below):
- NAT and allow outbound access
  - (Optional) Apply any additional policies if you want to demonstrate features such as web filtering, DLP, etc.
- Port forwarding of port 3389 to the Windows server
- Any logging required for troubleshooting
Create the VIP before the policies, since policy 2 references it as its destination address:

config firewall vip
    edit "Windows-RDP"
        set extintf "port1"
        set portforward enable
        set mappedip 10.0.1.25
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set av-profile "default"
        set ips-sensor "default"
        set profile-protocol-options "default"
        set nat enable
    next
    edit 2
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "Windows-RDP"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set av-profile "AV-flow"
        set ips-sensor "default"
        set profile-protocol-options "default"
    next
end
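Policy 2 as written accepts every service from every source address toward the RDP VIP, which is fine for a throwaway demo but is exactly the rule the login bots from Step 6.1 are looking for. The following is an added example, not part of this guide or of Fortinet's tooling: a small Python linter that parses FortiOS `config ... edit ... set ... next ... end` text and flags inbound policies that reach a VIP from `srcaddr all` or with `service ALL`. The two config strings are constructed samples; the first mirrors the policies above, the second is a hardened variant that assumes a hypothetical address object `Admin-IPs` (203.0.113.0/24, a documentation range) and uses the predefined FortiOS `RDP` service object.

```python
"""Lint FortiOS firewall policy text for over-permissive inbound rules.

Added example; the two config fragments below are constructed samples,
not output captured from a real FortiGate.
"""
import shlex
from typing import Dict, List

Table = Dict[str, Dict[str, List[str]]]  # entry name -> attribute -> values


def _path(frames: List[list]) -> str:
    return "/".join(f[0] for f in frames)


def parse_fortios(text: str) -> Dict[str, Table]:
    """Minimal parser for config/edit/set/next/end blocks.

    Returns {table path: {entry name: {attribute: [values]}}}; nested
    config tables are keyed by their slash-joined path.
    """
    tables: Dict[str, Table] = {}
    frames: List[list] = []  # stack of [table name, current entry name]
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # strips the double quotes FortiOS uses
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            frames.append([" ".join(args), None])
            tables.setdefault(_path(frames), {})
        elif cmd == "edit":
            frames[-1][1] = args[0]
            tables[_path(frames)].setdefault(args[0], {})
        elif cmd == "set":
            tables[_path(frames)][frames[-1][1]][args[0]] = args[1:]
        elif cmd == "next":
            frames[-1][1] = None
        elif cmd == "end":
            frames.pop()
    return tables


def audit_policies(cfg: Dict[str, Table], external_if: str = "port1") -> List[str]:
    """Flag accept policies entering on the external interface that expose a
    VIP to any source address or to every service."""
    vips = set(cfg.get("firewall vip", {}))
    findings: List[str] = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("action", ["deny"]) != ["accept"]:
            continue
        if external_if not in pol.get("srcintf", []):
            continue  # outbound or internal rule, not in scope here
        exposed = sorted(set(pol.get("dstaddr", [])) & vips)
        if not exposed:
            continue
        if "all" in pol.get("srcaddr", []):
            findings.append(f"policy {pid}: VIP {exposed} reachable from srcaddr all; "
                            "restrict to admin addresses")
        if "ALL" in pol.get("service", []):
            findings.append(f"policy {pid}: VIP {exposed} allows service ALL; "
                            "restrict to the forwarded port")
    return findings


# Constructed sample mirroring the tutorial's policies (attributes trimmed to
# the ones the checks look at).
TUTORIAL_CONFIG = """
config firewall vip
    edit "Windows-RDP"
        set extintf "port1"
        set portforward enable
        set mappedip 10.0.1.25
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 2
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "Windows-RDP"
        set action accept
        set service "ALL"
        set logtraffic all
    next
end
"""

# Hardened variant: hypothetical Admin-IPs object and the predefined RDP service.
HARDENED_CONFIG = TUTORIAL_CONFIG.replace(
    'set srcaddr "all"\n        set dstaddr "Windows-RDP"',
    'set srcaddr "Admin-IPs"\n        set dstaddr "Windows-RDP"',
).replace(
    'set dstaddr "Windows-RDP"\n        set action accept\n        set service "ALL"',
    'set dstaddr "Windows-RDP"\n        set action accept\n        set service "RDP"',
) + """
config firewall address
    edit "Admin-IPs"
        set subnet 203.0.113.0 255.255.255.0
    next
end
"""

if __name__ == "__main__":
    for name, text in (("tutorial", TUTORIAL_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_policies(parse_fortios(text)) or ["no findings"])
```

Run it against a `show firewall policy` / `show firewall vip` dump before demoing: the tutorial sample yields two findings for policy 2, the hardened sample none. The parser ignores `unset` and nested sub-tables other than by path, so extend it if your configuration uses them.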