klc178/terraform-secure-remote-access-beta

 
 


FortiGate secure remote access with Terraform beta release.

Deployment

This script requires the Azure CLI.

  1. Login to Azure with az login.
  2. Add your Client ID, Subscription ID and Tenant ID to the Terraform vars.tf.
  3. Adjust the remote_subnet and remote_subnet_netmask variables to that of your spoke FortiGate subnet range. The default value is 10.100.81.0.
  4. Run terraform init.
  5. Run terraform apply.

To navigate to your deployed FortiGate use the Public IP address and the default admin port of 8443.

The default admin username and password can be found in vars.tf under admin_name and admin_password.

Note: EasyKey from the output will contain configuration that can be applied to Spoke VPN devices for ease of configuration.
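Because admin_password and psk_key are read from vars.tf, a pre-flight check run before terraform apply can confirm that neither still carries a hardcoded default. The script below is an added example, not part of this repository: the function names and the sample file contents are constructed, and it assumes vars.tf is laid out in terraform fmt style (one attribute per line, closing brace in column 0).

```shell
#!/bin/sh
# Added example (not from the repository): list sensitive Terraform variables
# that still have a non-empty hardcoded default in a variables file.

# flag_hardcoded_defaults FILE NAME...
# Prints each NAME whose variable block in FILE has a non-empty default.
flag_hardcoded_defaults() {
    file=$1; shift
    awk -v names="$*" '
        BEGIN { n = split(names, list, " "); for (i = 1; i <= n; i++) want[list[i]] = 1 }
        # Start of a block: variable "name" {
        /^[ \t]*variable[ \t]+"[^"]+"/ {
            cur = $0
            sub(/^[ \t]*variable[ \t]+"/, "", cur)
            sub(/".*$/, "", cur)
            next
        }
        # A default attribute inside the current block
        cur != "" && /^[ \t]*default[ \t]*=/ {
            val = $0
            sub(/^[ \t]*default[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]*(#.*)?$/, "", val)      # drop trailing space or comment
            if ((cur in want) && val != "\"\"" && val != "null") print cur
        }
        /^}/ { cur = "" }                      # end of the block
    ' "$file"
}

# Constructed sample standing in for vars.tf; values are placeholders.
write_sample_vars() {
    cat > "$1" <<'EOF'
variable "admin_name" {
  default = "exampleadmin"
}
variable "admin_password" {
  default = "CONSTRUCTED-placeholder-1"
}
variable "psk_key" {
  type    = string
  default = ""
}
EOF
}

sample=$(mktemp)
write_sample_vars "$sample"
flagged=$(flag_hardcoded_defaults "$sample" admin_password psk_key)
if [ -n "$flagged" ]; then echo "Hardcoded default still set for: $flagged"; fi
rm -f "$sample"
```

Against the real file, call flag_hardcoded_defaults vars.tf admin_password psk_key and stop the deployment if it prints anything.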

Spoke FortiGate Setup

Once the Terraform deployment is complete, follow the steps below to attach the spoke to the FortiGate Hub.

  1. Navigate to your spoke FortiGate and open VPN > IPsec Wizard.
  2. Enter a Name for the spoke.
  3. For Template type, select Hub-and-Spoke.
  4. Under Role, ensure Spoke is selected.
  5. Click Next and you will be brought to the Authentication tab.

Note: EasyKey from the output contains configuration that can be applied to Spoke VPN devices for ease of configuration.


Authentication:

  1. Under Remote IP Address enter the Public IP address of the FortiGate you deployed. You can find this value in the outputs. You can also run terraform output in the deployment folder to see the results again.
  2. The Outgoing interface should adjust automatically based on the Remote IP address entered.
  3. Enter the Pre-shared key. This can be found in the vars.tf file under psk_key.

For EasyKey setup, only the Pre-shared key needs to be entered.


Tunnel Interface:

  1. Select an IP address for the SSL VPN tunnel interface.

  2. Input the hub tunnel IP address and netmask.


Policy & Routing

  1. Select the local interface, and input the local subnet.

  2. Click Create and the VPN wizard should finalize.


Bring Up Phase Selectors

  1. Navigate to Monitor > IPsec Monitor.

  2. Select the new VPN and bring up the connection.


Support

Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. For direct issues, please refer to the Issues tab of this GitHub project. For other questions related to this project, contact [email protected].

License

License © Fortinet Technologies. All rights reserved.
