Fortinet FortiGate (ONDEMAND) NGFW (HA Supported) 1630
Jun 28, 2024
FortiGate-Aliyun Deployment Guide
Mar, 2018
34. Now we need to add the IPv4 policy for the outbound traffic
35. Specify the following “ToInternet” policy. For the demo, enable AntiVirus and Application Control here, and also enable All Sessions logging, then click “OK”
Add ECS worker VMs for testing
36. Just create ECS as usual
37. Remember that the ECS cannot use the same VSwitch as the Fortinet; in this case I selected the ECS VSwitch. There is no need to assign a public IP, because an ECS with a public IP will not route through the Fortinet
38. Confirm and create the instance
39. Then reset the VNC password and the login password, and restart the instance
40. Then connect via VNC and log in to Windows
41. You should find that it is able to connect to the internet through the Fortinet
42. You should also find the detailed log information in the Fortinet!
Verify the security capabilities of the Fortinet
Demonstrate the Anti-Virus feature
43. In the ECS, visit the website http://metal.fortiguard.com/tests/
44. Click run tests; if there is no firewall antivirus protection, the test will fail
45. As the ECS is protected by Fortinet, you will see it is blocked
To have the best Anti-Virus scanning capabilities, make sure the anti-virus definitions are up to date in Fortinet
46. We can also see the threats in the Fortinet console
Demonstrate the Application Control access feature
47. Go to Security Profiles -> Application Control, and select Video/Audio and Social Media to block. Then click Apply
48. Then try to access Facebook and YouTube from the ECS; you will see that they cannot connect
49. In the Fortinet console, we can also see which clients are trying to connect to Facebook
Enable NAT inbound protection in Fortinet
In this sample, I enable the Fortinet to protect inbound RDP traffic. The same concept can be applied to HTTP/HTTPS and other services too. This is very useful because most customers want Fortinet to monitor both inbound and outbound traffic.
50. Set up the NAT and point it to the RDP address of the ECS: click Virtual IPs under Policy & Objects
51. We map port 3389 of the Fortinet to the ECS at 192.168.1.36
52. The Virtual IP now appears in the list
53. Now we will configure the inbound policy for the RDP redirection
54. Name the rule and then choose the Virtual IP we created as the destination
55. Similarly, enable the security profiles you want, and then set Log Allowed Traffic to All Sessions for demo purposes.
56. The inbound rule is created successfully
57. Now you should be able to RDP to the ECS using the Fortinet public IP address
58. Log and session information can also be viewed in the Fortinet
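The Virtual IP in steps 50 to 58 publishes port 3389 on the Fortinet public IP, so it is worth checking which source addresses the inbound policy accepts. The Python script below is an added example, not part of the original guide: it audits an exported FortiOS-style configuration for policies that forward to an RDP Virtual IP from source `all`. The object names, interface name, policy IDs and the `admin-office` address object are constructed for illustration; only port 3389 and 192.168.1.36 come from the guide.

```python
import re

# Constructed FortiOS-style config excerpt: names, interface and policy IDs are
# assumptions; only port 3389 and 192.168.1.36 are taken from the guide.
SAMPLE_CONFIG = '''
config firewall vip
    edit "rdp-to-ecs"
        set extintf "port1"
        set portforward enable
        set mappedip "192.168.1.36"
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 2
        set name "Inbound-RDP"
        set srcaddr "all"
        set dstaddr "rdp-to-ecs"
        set logtraffic all
    next
    edit 3
        set name "Inbound-RDP-restricted"
        set srcaddr "admin-office"
        set dstaddr "rdp-to-ecs"
        set logtraffic all
    next
end
'''

def parse_section(config, section):
    """Return {edit_id: {key: value}} for one 'config <section>' block."""
    body = re.search(rf"^config {re.escape(section)}\n(.*?)^end$", config, re.S | re.M)
    entries = {}
    if not body:
        return entries
    for edit_id, block in re.findall(r'^\s*edit "?([^"\n]+)"?\n(.*?)^\s*next$', body.group(1), re.S | re.M):
        entries[edit_id] = {k: v.strip('"') for k, v in re.findall(r"^\s*set (\S+) (.+)$", block, re.M)}
    return entries

def open_rdp_policies(config, rdp_port="3389"):
    """Names of policies that forward to an RDP VIP from source 'all'."""
    vips = parse_section(config, "firewall vip")
    rdp_vips = {name for name, v in vips.items() if v.get("mappedport") == rdp_port}
    return [p.get("name", pid) for pid, p in parse_section(config, "firewall policy").items()
            if p.get("dstaddr") in rdp_vips and p.get("srcaddr") == "all"]
```

On the constructed sample, `open_rdp_policies(SAMPLE_CONFIG)` flags only `Inbound-RDP`; the policy limited to the `admin-office` address object passes.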
Conclusions
Fortinet is powerful software that is widely used by many international customers, including those in the financial and securities industries. By leveraging this VM, we should be able to strengthen customers' confidence in using the cloud.