4
More on…AWS GitHub Site
5
More on…AWS Fortinet Web Site
6
Target Public Cloud
AWS WAF service
8
AWS WAF Managed Rules
9
Fortinet & AWS GuardDuty
Fortinet fully integrates with AWS GuardDuty.
GuardDuty generates an event in CloudWatch, which feeds a file on S3.
FortiOS integrates external IP lists into its local detection database using a connector.
10
HA in same AZ
11
HA cross AZ
A B
Move EIP
Config sync
12
Transit VPC
2nd account
*Template: TransitVPC primary account
*Template: TransitVPC Spoke VPC
*Template: TransitVPC secondary account
13
Fortinet SDN connector & AWS
FortiOS can use the AWS API to dynamically pull information from the AWS environment.
Dynamic objects are used to integrate AWS components to FortiOS security
• 10.1.0.23
• 10.1.0.141
• 10.1.0.219
14
Fortinet Automation & AWS
Security events raised by FortiOS can trigger AWS services.
Then Lambda can do anything
Fortigate
15
More coming
16
Michael Haines
Senior Cloud Architect
mah@fortinet.com
18
What are ARM Templates
Template file, JSON, e.g. fortigatedeploy.json. Main file; declares resources, input parameters etc.
Parameters file, JSON, e.g. fortigatedeploy.parameters.json. Optional file; provides values for all the parameters at deploy time
Deployed into a Resource group; groups are not defined in the template
19
Fortinet’s Solution ARM Templates
Developed by Fortinet
» For all products that are available from the Azure Marketplace
Tested and Certified by Microsoft
» Fortinet submits its Solution ARM Templates to the Microsoft Azure Team for Certification (this process can be lengthy!)
Fortinet’s ARM Templates Published
» The Microsoft Azure Team publishes Fortinet’s Solution ARM Templates
20
Fortinet Use-Cases when using ARM Templates
21
Getting Started with Fortinet’s ARM Templates
Where do I get ARM Templates from
» Create your ARM Templates from scratch (much more complex!)
Azure Portal (UI)
» Use the Azure Portal (UI) and, just before you deploy one of Fortinet’s Solutions, select 'Download template and parameters'; this includes everything you need to get started
Azure Portal (UI) Resource Group
» If your Application, e.g. FortiGate-VM 'virtual appliance', is already running, go to the Azure Portal (UI), select your 'Resource Group' and then select 'Automation script'
Fortinet’s GitHub Repository
» Get Fortinet's Custom ARM Templates from Fortinet's GitHub Repository. The Azure Templates are located here: https://github.com/fortinetsolutions/Azure-Templates
22
Getting Started with What Tools to Use
Use your Favorite Editor
» You can use an editor such as vi, emacs etc., but this is much more complex and really not advisable
23
Good Practices when Developing ARM Templates
Validation
» Before you 'commit' anything to your Git repository, 'validate' your 'template' and 'parameters' file
» Example using the Azure CLI:
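A local check that can run in a Git pre-commit hook alongside the CLI validation, as an added example that is not from the original slides or from Fortinet's repository: it lints a template/parameters pair and flags secure parameters whose values would be committed in plain text instead of being supplied as a Key Vault reference. The function name `check_arm_pair` and the sample template, parameter names and values are assumptions constructed for illustration.

```python
import json

SECURE_TYPES = {"securestring", "secureobject"}

def check_arm_pair(template_text, parameters_text):
    """Lint an ARM template and its parameters file; return a list of findings."""
    try:
        template = json.loads(template_text)
        supplied = json.loads(parameters_text).get("parameters", {})
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    findings = [f"template: missing required element '{k}'"
                for k in ("$schema", "contentVersion", "resources") if k not in template]
    declared = template.get("parameters", {})
    for name in supplied:
        if name not in declared:
            findings.append(f"parameters file: '{name}' is not declared in the template")
    for name, spec in declared.items():
        ptype = str(spec.get("type", "")).lower()
        secure = ptype in SECURE_TYPES
        if secure and spec.get("defaultValue"):
            findings.append(f"'{name}': {ptype} has a defaultValue committed in the template")
        entry = supplied.get(name)
        if entry is None:
            if "defaultValue" not in spec:
                findings.append(f"'{name}': no value in parameters file and no defaultValue")
        elif secure and "reference" not in entry:
            findings.append(f"'{name}': {ptype} is stored in plain text; use a Key Vault reference")
    return findings

# Constructed sample pair (not Fortinet's template); names and values are made up.
SCHEMA = "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#"
TEMPLATE = json.dumps({
    "$schema": SCHEMA, "contentVersion": "1.0.0.0", "resources": [],
    "parameters": {"adminUsername": {"type": "string"},
                   "adminPassword": {"type": "securestring"},
                   "vmSize": {"type": "string", "defaultValue": "Standard_F2s"}}})
BAD_PARAMS = json.dumps({"parameters": {
    "adminUsername": {"value": "fgtadmin"},
    "adminPassword": {"value": "constructed-example-only"},
    "location": {"value": "westeurope"}}})
GOOD_PARAMS = json.dumps({"parameters": {
    "adminUsername": {"value": "fgtadmin"},
    "adminPassword": {"reference": {"keyVault": {"id": "<key-vault-resource-id>"},
                                    "secretName": "fgt-admin"}}}})

if __name__ == "__main__":
    for finding in check_arm_pair(TEMPLATE, BAD_PARAMS):
        print("FINDING:", finding)
```

A non-empty result should fail the hook; the check does not replace validation against Azure, which also resolves resource types and API versions.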
24
Good Practices when Developing ARM Templates
25
Summary of Practices when Developing ARM Templates
Use Git
Validate, then Commit
Minimize the use of Parameters
Use a Unique Identifier / Unique String
Use Variables wherever possible
26