Configuring FortiGate Firewall via User Data
To configure the FortiGate firewall using User Data:
- In CoPilot, go to Security > FireNet > FireNet Gateways, select the Firewall tab, and click +Firewall.
- Enable Bootstrap Configuration.
- Select User Data.
- In the User Data field, enter your Bootstrap Configuration.
The following sample FortiGate Bootstrap Configuration sets up a firewall "Allow-all" policy, a health check policy, and RFC 1918 static routes:
    # Simple Example FortiGate Bootstrap Configuration
    # Does Not Necessarily Fulfill the Requirements of Any Customer

    # Login Username and Password
    config system admin
        edit admin
            set password <password>
    end

    # System Hostname
    config system global
        set hostname myhost
        set timezone 04
    end

    # Important: HTTPS needs to be allowed on the LAN interface for the Firewall Health Check
    config system interface
        edit port2
            set allowaccess https
        next
    end

    # RFC 1918 Routes and Subnet Default Gateway
    config router static
        edit 1
            set dst 10.0.0.0 255.0.0.0
            set gateway 10.26.0.81
            set device port2
        next
        edit 2
            set dst 192.168.0.0 255.255.0.0
            set gateway 10.26.0.81
            set device port2
        next
        edit 3
            set dst 172.16.0.0 255.240.0.0
            set gateway 10.26.0.81
            set device port2
        next
        # LoadBalancer IP
        edit 4
            set dst 168.63.129.16 255.255.255.255
            set gateway 10.26.0.81
            set device port2
        next
    end

    # Firewall Allow All Policy Example
    config firewall policy
        edit 1
            set name allow_all
            set srcintf port2
            set dstintf port2
            set srcaddr all
            set dstaddr all
            set action accept
            set schedule always
            set service ALL
        next
    end
- Click Deploy to launch the firewall. Wait 15 minutes for it to boot up and initialize.
- Log in to the HTTPS interface of the public IP with username "admin" and the password specified in the example FortiGate Bootstrap Configuration. For initial FortiGate login information, go to Credentials for FortiGate Initial Login. You must be registered to access the Aviatrix Customer Support website. If you are not already registered, you can sign up at https://support.aviatrix.com.
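A pre-deployment check for the bootstrap text, as an added example that is not part of the original page or of any Aviatrix or Fortinet tooling: it parses the flat config/edit/set blocks used in the sample above and reports an accept policy open to all sources, destinations and services, an unreplaced `<password>` placeholder, and a missing HTTPS `allowaccess` entry. The function names `parse` and `audit` are hypothetical, nested config blocks are assumed absent, and the embedded sample is abridged from the page's configuration.

```python
# Constructed sample: sections abridged from the page's sample bootstrap configuration.
SAMPLE = """\
config system admin
edit admin
set password <password>
end
config system interface
edit port2
set allowaccess https
next
end
config firewall policy
edit 1
set srcaddr all
set dstaddr all
set action accept
set service ALL
next
end"""

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        kw, *args = line.split() or ["#"]  # blank and '#' comment lines match no branch below
        if kw == "config":
            section, entry = " ".join(args), None
            tree.setdefault(section, {})
        elif kw == "edit" and section and args:
            entry = tree[section].setdefault(args[0], {})
        elif kw == "set" and entry is not None and args:
            entry[args[0]] = [w.lower() for w in args[1:]]  # lowercased for comparison only
        elif kw in ("next", "end"):
            entry, section = None, (None if kw == "end" else section)
    return tree

def audit(text):
    """Return findings to review before the text is pasted into User Data."""
    cfg, out = parse(text), []
    for pid, p in cfg.get("firewall policy", {}).items():
        if p.get("action") == ["accept"] and all(p.get(k) == ["all"] for k in ("srcaddr", "dstaddr", "service")):
            out.append(f"policy {pid}: accepts any source, destination and service")
    for name, a in cfg.get("system admin", {}).items():
        pw = (a.get("password") or [""])[0]
        if pw.startswith("<") and pw.endswith(">"):
            out.append(f"admin {name}: placeholder password was not replaced")
    if not any("https" in i.get("allowaccess", []) for i in cfg.get("system interface", {}).values()):
        out.append("no interface allows https, which the firewall health check needs")
    return out
```

Calling `audit()` on the text you intend to paste returns an empty list when none of the three conditions is present.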