Update README.md #6

Open
wants to merge 1 commit into
base: master
82 changes: 62 additions & 20 deletions README.md
@@ -1,47 +1,47 @@
FortiGate secure remote access with Terraform beta release.
Line 1: # FortiGate secure remote access with Terraform (beta release)

# Deployment
Line 3: ## Requirements
Line 4: This script requires the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest).

> This script requires the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest).
Line 6: # Deployment

1. Login to Azure with `az login`.<br>
2. Add your Client ID, Subscription ID and Tenant ID to the Terraform vars.tf.<br>
Line 8: 1. Login to Azure with `az login`.
Line 9: 2. Add your Client ID, Subscription ID and Tenant ID to the Terraform `vars.tf`.
3. Adjust the `remote_subnet` and `remote_subnet_netmask` variables to that of your spoke FortiGate subnet range. The default value is `10.100.81.0`.
4. Run `terraform init`.<br>
5. Run `terraform apply`.<br>
Line 11: 4. Run `terraform init`.
Line 12: 5. Run `terraform apply`.

To navigate to your deployed FortiGate use the Public IP address and the default admin port of 8443.
To navigate to your deployed FortiGate use the Public IP address and the default Admin port of 8443.

The default admin username and password can be found in vars.tf under `admin_name` and `admin_password`. <br>
The default Admin username and password can be found in `vars.tf` under `admin_name` and `admin_password`.

<i>Note: <b>EasyKey</b> from the output will contain configuration that can be applied to Spoke VPN devices for ease of configuration. </i>
> **Note:** For ease of configuration, search for **EasyKey** in the output. It will contain configuration that can be applied to Spoke VPN devices.

# Spoke FortiGate Setup

Once the Terraform deployment is complete, follow the steps below to attach the spoke to the FortiGate Hub
Once the Terraform deployment is complete, follow the steps below to attach the spoke to the FortiGate hub.

1. Navigate to your spoke FortiGate and open **VPN > IPsec Wizard**.
2. Enter a **Name** for the spoke.
3. For **Template type**, select `Hub-and-Spoke`.
4. Under **Role**, ensure `Spoke` is selected.
5. Click **Next** and you will be brought to the Authentication tab.

<i>Note: Enter **EasyKey** from the output will contain configuration that can be applied to Spoke VPN devices for ease of configuration.</i><br>
> **Note:** For ease of configuration, search for **EasyKey** in the output. It will contain configuration that can be applied to Spoke VPN devices.

![FortiOS Admin Profile](./imgs/easy_key.png)

### Authentication:

1.Under **Remote IP Address** enter the Public IP address of the FortiGate you deployed. You can find this value in the outputs. You can also run `terraform output` in the deployment folder to see the results again.
### Authentication

1. Under **Remote IP Address** enter the Public IP address of the FortiGate you deployed.<br>You can find this value in the outputs. Run `terraform output` in the deployment folder to see the results again.
2. The **Outgoing interface** should adjust automatically based on the **Remote IP address** entered.
3. Enter the **Pre-shared key**. This can be found in the vars.tf file under `psk_key`.
3. Enter the **Pre-shared key**. This can be found in the `vars.tf` file under `psk_key`.

For <i>EasyKey</i> setup, only the Pre-shared key needs to be entered.

![FortiOS Admin Profile](./imgs/step_2_auth.png)

### Tunnel Interface:
### Tunnel Interface

1. Select an IP address for the SSL VPN tunnel interface.
2. Input the hub tunnel IP address and netmask.
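Review bot: the Deployment steps have the reader take `admin_password` from `vars.tf` as the default credential, and the Authentication section does the same for `psk_key`, but nothing in the hunk tells them to replace those defaults before `terraform apply` or to keep a `vars.tf` that now holds live credentials out of version control; add a step such as "Change `admin_name`, `admin_password` and `psk_key` in `vars.tf` before running `terraform apply`" and a short note that the populated file should not be committed. Two smaller points: the new `## Requirements` heading is an H2 under the title while `# Deployment` and `# Spoke FortiGate Setup` stay H1, so Requirements reads as the only subsection of the title line; either demote the other sections to `##` or use `# Requirements`. Step 3 of Deployment names two variables (`remote_subnet` and `remote_subnet_netmask`) but gives a single default (`10.100.81.0`), so it should say which variable that default belongs to and what the netmask default is; and step 1 under Tunnel Interface says "SSL VPN tunnel interface" although this section is walking through **VPN > IPsec Wizard**, so IPsec looks like the intended word.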
Expand All @@ -62,12 +62,54 @@ For <i>EasyKey</i> setup, only the Pre-shared key needs to be entered.

![FortiOS Admin Profile](./imgs/bring_up_phase_selectors.png)

## SSL VPN Users/Groups creation and configuration guide

### Create a new local user
> These steps are performed on the FortiOS GUI.

1. On the navigation bar, select **User & Device > User Definition**.
2. Click **Create New**:

![Create New Local User](./imgs/create_new_user.png)

3. Select **Local User**.
4. Set up credentials for the user.
5. (Optional) Add an **Email address**.
6. Click **Submit**.

### Create a new User Group
> These steps are performed on the FortiOS GUI.

1. On the navigation bar, select **User & Device > User Groups**.
2. Click **Create New**:

![Create New User Group](./imgs/user_group_selection.png)

3. Under **Type**, select **Firewall**.
4. Enter the name of the group and select members:

![User Group Selection](./imgs/user_group_selection.png)

5. Click **OK**.

### Adding a User/User Group to the SSL VPN Policy
> These steps are performed on the FortiOS GUI.

1. Enter a **Name** for the policy (if not editing).
2. The **Incoming Interface** should be **SSL-VPN tunnel interface (ssl.root)**.
3. Select the desired **Outgoing interface**.
4. Under **Sources**, select addresses and on the **User** tab select the **User** and/or **User group**.
5. Select a **Destination** and **Service**.
6. Click **OK**.

![Policy Settings](./imgs/policy_user_selection.png)

# Support

Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services.
For direct issues, please refer to the [Issues](https://github.com/fortinet/terraform-secure-remote-access/issues) tab of this GitHub project.
For direct issues, please refer to the [Issues](https://github.com/fortinet/terraform-secure-remote-access-beta/issues) tab of this GitHub project.
For other questions related to this project, contact [[email protected]](mailto:[email protected]).

## License

[License](./LICENSE) © Fortinet Technologies. All rights reserved.
[License](./LICENSE) © Fortinet Technologies. All rights reserved.
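Review bot: the new "Adding a User/User Group to the SSL VPN Policy" steps never say where the policy is created or edited: the other two subsections open with a navigation step ("On the navigation bar, select ..."), but this one starts at "Enter a **Name** for the policy (if not editing)", so add the equivalent first step and state whether the reader is editing the SSL VPN policy that the Terraform deployment created or creating a new one. Step 4 should also name which address object to pick under **Sources** (the SSL VPN client address range rather than `all`), because the **User**/**User group** selection only restricts who may authenticate, not which source addresses the policy matches. Smaller points: the screenshot after "Click **Create New**" in the User Group subsection and the one after "Enter the name of the group and select members" both reference `./imgs/user_group_selection.png`, which looks like a copy-and-paste of the second image (the Local User subsection uses a separate `create_new_user.png` for the same step); the Issues link now points at `terraform-secure-remote-access-beta` and should be checked against the actual repository name; and the final `[License](./LICENSE)` line is rewritten with no visible change, which suggests a whitespace-only edit that could be dropped from the commit.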