FortiGate delivers:
- End-to-end security across the full attack cycle
- Top-rated security validated by third-party testing
- Tight integration and multitenancy with Azure
- Centralized management across physical, virtual, and cloud deployments
- Automation templates for rapid deployment
FortiGate virtual appliances offer protection from a broad array of threats, with support for all of the security and networking services offered by the FortiOS operating system.
IPS technology protects against current and emerging network-level threats. In addition to signature-based threat detection, IPS performs anomaly-based detection which alerts users to any traffic that matches attack behavior profiles.
Change the VM size to save some cost if this is a Dev / Test environment.
Standard B1S is not allowed for this type of VM because of a network card limitation.
The cheapest size is DS1_v2, with 1 vCPU and 3.5 GB RAM.
Create a new Public IP for your FortiGate firewall, which will be 1:1 NAT to the External Interface IP on the FortiGate.
Change admin password, ports, and Idle timeout
From the GUI, you can change the admin account from super admin to prof admin, change the password without knowing the original, then change it back to super admin.
From System – Settings – Administration Settings, change:
– HTTP port
– HTTPS port
– SSH port
– Idle timeout
Register Product to FortiCloud
Even with a PAYG license, you will need to register your product with FortiCloud, which gives you a free license and access to the support / product portal. Here are all the steps you will need to do:
1. Create an account from the FortiGate portal
2. Directly create a FortiCare / FortiCloud account
Here is how to register your VM product to FortiCloud:
To register your newly deployed FortiGate VM product, you will need the Serial Number and the VM ID.
The serial number can be obtained from the following commands or from the web GUI dashboard:
# diagnose debug cloudinit show
# diagnose debug vm-print-license
# execute vm-license
PAYG license exists.
You can also get your VM ID / Instance ID from the System > Firmware & Registration page:
- Go to Dashboard > Status and, in the Licenses widget, verify the FortiCare Support status.
- Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).
After you have activated FortiGate Cloud from the Dashboard, you will see Activated in the status.
Then you can see the details on the FortiGuard license information page. Currently we are using a free license:
From FortiCloud:
Get system status
NETSEC-FGT # get sys status
Version: FortiGate-VM64-AZURE v7.4.3,build2573,240201 (GA.F)
First GA patch build date: 230509
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
Proxy-APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 24.00040(2024-04-22 17:59)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00524(2023-11-27 18:30)
Serial-Number: FGTAZabcdefghi
License Status: Valid
VM Resources: 1 CPU, 3443 MB RAM
Log hard disk: Available
Hostname: KS-FGT
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 2
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2573
Release Version Information: GA
FortiOS x86-64: Yes
System time: Thu May 2 21:16:54 2024
Last reboot reason: warm reboot
Conserve Mode default settings:
# diag hardware sysinfo conserve
memory conserve mode: off
total RAM: 3443 MB
memory used: 1285 MB 37% of total RAM
memory freeable: 474 MB 13% of total RAM
memory used + freeable threshold extreme: 3270 MB 95% of total RAM
memory used threshold red: 3029 MB 88% of total RAM
memory used threshold green: 2823 MB 82% of total RAM
If we assume that memory use keeps increasing from 70% to 98%, here is what is supposed to happen:
- When it reaches 95%, it goes into extreme mode: the FortiGate starts dropping new connections.
- When it reaches 88%, it goes into red: conserve mode begins, but connections are not dropped.
- When it goes below 82%, it turns green, which should be the normal state: everything flows normally, as if nothing is happening.
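The threshold behaviour described above, as an added example that is not part of the original post: it parses the `diag hardware sysinfo conserve` output shown on this page and walks a series of memory readings through the three thresholds. It is a simplified model that compares a single used-memory percentage against all three thresholds, as the walkthrough above does; the function names and the sample readings are assumptions made for illustration.

```python
import re

# Output of "diag hardware sysinfo conserve", copied from this page.
SAMPLE = """\
memory conserve mode: off
total RAM: 3443 MB
memory used: 1285 MB 37% of total RAM
memory freeable: 474 MB 13% of total RAM
memory used + freeable threshold extreme: 3270 MB 95% of total RAM
memory used threshold red: 3029 MB 88% of total RAM
memory used threshold green: 2823 MB 82% of total RAM
"""

LINE = re.compile(r"^(?P<key>[^:\n]+):\s*(?P<mb>\d+) MB(?:\s+(?P<pct>\d+)%)?", re.M)

def parse_conserve(text):
    """Return {label: (megabytes, percent or None)} for every 'N MB' line."""
    out = {}
    for m in LINE.finditer(text):
        pct = int(m["pct"]) if m["pct"] else None
        out[m["key"].strip()] = (int(m["mb"]), pct)
    return out

def thresholds(parsed):
    """Pick the extreme/red/green percentages by the last word of the label."""
    return {k.split()[-1]: v[1] for k, v in parsed.items() if "threshold" in k}

def next_state(prev, used_pct, th):
    """Simplified model of the behaviour described above (one 'used' figure)."""
    if used_pct >= th["extreme"]:
        return "extreme"          # new connections are dropped
    if used_pct >= th["red"]:
        return "conserve"         # conserve mode, connections still accepted
    if used_pct < th["green"]:
        return "normal"
    # Between green and red: stay in conserve mode if already in it.
    return "normal" if prev == "normal" else "conserve"

def walk(samples, th):
    state, trace = "normal", []
    for pct in samples:
        state = next_state(state, pct, th)
        trace.append((pct, state))
    return trace

if __name__ == "__main__":
    th = thresholds(parse_conserve(SAMPLE))
    for pct, state in walk([70, 85, 88, 95, 98, 90, 85, 81], th):
        print(f"{pct:3d}% -> {state}")
```

Note that a reading of 85% is reported as normal on the way up but as conserve on the way down, because the unit only leaves conserve mode once usage falls below the green threshold.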
Monitoring and Alarming
We can configure an automated stitch to send an e-mail every time a threshold is reached on a FortiGate.
For CPU it could be:
1. First configure a threshold for CPU use (80% in this case):
config system global
    set cpu-use-threshold 80
end
2. On the FortiGate
Security Fabric -> Automation -> Stitch -> Create New -> Add Trigger -> High CPU.
Add Action -> Email Notification.
For memory usage:
1. Security Fabric -> Automation -> Stitch -> Create New -> Add Trigger -> Conserve Mode.
Add Action -> Email Notification.
For the moment, Automation Stitch does not cover event logs for session count.