Configuring FortiGate Firewall via User Data

After you have launched the FortiGate firewall instance, you can use this method to configure it by passing a bootstrap configuration as Custom Data (the User Data field).

  1. In CoPilot, select FireNet on the left.

  2. On the FireNet tab, select a Transit FireNet in the list and click the Edit icon at the top.

  3. Scroll down to the Egress toggle switch and click to turn it ON.

  4. Click Save.

  5. Select the Firewall tab at the top.

  6. Click the caret (^) sign beside + Firewall and select Associate Existing Firewall.

  7. Fill in the required fields. Scroll down and click on the Bootstrap Configuration toggle switch to turn it ON.

  8. In the User Data field, enter your Bootstrap Configuration.

A sample FortiGate bootstrap configuration that sets an "Allow-all" firewall policy, enables the health check access and adds the RFC 1918 static routes is shown below:

# Simple Example FortiGate Bootstrap Configuration
# This does not necessarily meet the requirements of any particular customer

# Login Username and Password
config system admin
    edit admin
        set password <password>
    next
end

# System Hostname
config system global
    set hostname myhost
    set timezone 04
end

# Important: HTTPS must be allowed on the LAN interface for the firewall health check
config system interface
    edit port2
        set allowaccess https
    next
end

# RFC 1918 Routes and Subnet Default Gateway
config router static
    edit 1
        set dst 10.0.0.0 255.0.0.0
        set gateway 10.26.0.81
        set device port2
    next
    edit 2
        set dst 192.168.0.0 255.255.0.0
        set gateway 10.26.0.81
        set device port2
    next
    edit 3
        set dst 172.16.0.0 255.240.0.0
        set gateway 10.26.0.81
        set device port2
    next
    # LoadBalancer IP
    edit 4
        set dst 168.63.129.16 255.255.255.255
        set gateway 10.26.0.81
        set device port2
    next
end

# Firewall Allow All Policy Example
config firewall policy
    edit 1
        set name allow_all
        set srcintf port2
        set dstintf port2
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
end

  9. Click Save to launch the firewall. Wait 15 minutes for it to boot up and initialize.

  10. Log in to the HTTPS interface of the public IP with username "admin" and the password specified in the example FortiGate Bootstrap Configuration. For initial FortiGate login information, go to Credentials for FortiGate Initial Login. You must be registered to access the Aviatrix Customer Support website. If you are not already registered, you can sign up at https://support.aviatrix.com.
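To sanity-check the bootstrap text before pasting it into the User Data field, here is an added Python example (not Aviatrix or Fortinet code) that parses the FortiOS config/edit/set/next/end block structure and flags what the procedure depends on: HTTPS on port2 for the health check, the three RFC 1918 static routes, and the sample's allow-all policy, which is only a starting point. The section names, port2 and the finding wording are assumptions taken from the sample configuration above.

```python
# Constructed sample: a shortened copy of the page's bootstrap configuration, minus the router static block
SAMPLE = """
config system interface
    edit port2
        set allowaccess https
    next
end
config firewall policy
    edit 1
        set name allow_all
        set srcaddr all
        set dstaddr all
        set action accept
        set service ALL
    next
end
"""
RFC1918 = ("10.0.0.0 255.0.0.0", "172.16.0.0 255.240.0.0", "192.168.0.0 255.255.0.0")

def parse_fortios(text):
    """Return {section: {entry: {key: value}}} from config/edit/set/next/end lines."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        if line.startswith("config "):
            section, entry = tree.setdefault(line[7:], {}), None
        elif line.startswith("edit "):
            entry = section.setdefault(line[5:], {})
        elif line.startswith("set "):  # sets outside an edit (e.g. system global) go under "_global"
            key, _, value = line[4:].partition(" ")
            (entry if entry is not None else section.setdefault("_global", {}))[key] = value
        elif line == "next":
            entry = None
        elif line == "end":
            section = entry = None
    return tree

def audit(tree):
    # Findings that would break the FireNet health check or should not ship as-is
    findings = []
    if "https" not in tree.get("system interface", {}).get("port2", {}).get("allowaccess", "").split():
        findings.append("port2 does not allow https: health check will fail")
    routes = {r.get("dst") for r in tree.get("router static", {}).values()}
    findings += [f"missing RFC 1918 route {d}" for d in RFC1918 if d not in routes]
    for pid, p in tree.get("firewall policy", {}).items():
        if (p.get("action"), p.get("srcaddr"), p.get("dstaddr"), p.get("service")) == ("accept", "all", "all", "ALL"):
            findings.append(f"policy {pid} ({p.get('name')}) accepts all traffic: tighten before production")
    return findings
```

Run `audit(parse_fortios(open("bootstrap.txt").read()))` against your own file; an empty list means the checks above passed.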