Deploying Fortinet FortiGate HA (HAVIP) on Alibaba Cloud

Setup Virtual Private Cloud (VPC)

1. Assuming this is a new environment, let's create the VPC first.

Subscribe to the Fortinet VM in Marketplace

8. Go to our marketplace at https://marketplace.alibabacloud.com/ and search for Fortinet.

Setting Up the HAVIP on Alibaba Cloud Web Console

27. Create a new HAVIP address, select the VPC and FortiGate Port1 VSwitch, and set the HAVIP address.

HA configuration on the master unit (FGT-Master). The ha-mgmt-interface gateway is the gateway on the VSwitch, the unit with the higher priority value will be Master, and unicast-hb-peerip is the IP address of port2 on FGT-Slave:

    config system ha
        set group-name "ha"
        set mode a-p
        set hbdev "port2" 0
        set session-pickup enable
        set ha-mgmt-status enable
        config ha-mgmt-interface
            edit 1
                set interface "port3"
                set gateway 192.168.3.253
            next
        end
        set priority 200
        set monitor "port1"
        set unicast-hb enable
        set unicast-hb-peerip 192.168.1.250
    end

HA configuration on the slave unit (FGT-Slave). The gateway is again the gateway on the VSwitch, and unicast-hb-peerip is the IP address of port2 on FGT-Master:

    config system ha
        set group-name "ha"
        set mode a-p
        set hbdev "port2" 0
        set session-pickup enable
        set ha-mgmt-status enable
        config ha-mgmt-interface
            edit 1
                set interface "port3"
                set gateway 192.168.3.253
            next
        end
        set priority 100
        set monitor "port1"
        set unicast-hb enable
        set unicast-hb-peerip 192.168.1.249
    end

Secondary IP on port1. This IP address should be the same as the HAVIP address:

    config system interface
        edit "port1"
            set secondary-IP enable
            config secondaryip
                edit 1
                    set ip 192.168.0.252 255.255.255.0
                    set allowaccess ping https ssh
                next
            end
        next
    end
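A consistency check for the two HA blocks above, as an added example that is not part of the original article or any Fortinet tooling: it parses each `config system ha` block and verifies that the shared settings match, unicast heartbeat is enabled, each peer IP points at the other unit's port2 address, and the master has the higher priority. The names `ha_settings`, `check_pair`, `HA`, `MASTER` and `SLAVE` are made up for this example, and the sample text is constructed from the settings shown on this page.

```python
def ha_settings(cfg):
    """Return the top-level `set` lines of a `config system ha` block as {key: value}."""
    settings, depth = {}, 0
    for raw in cfg.splitlines():
        words = raw.split("---")[0].split()  # drop the page's trailing "---" annotations
        if words[:1] == ["config"]:
            depth += 1                       # entering a (possibly nested) config block
        elif words[:1] == ["end"]:
            depth -= 1
        elif words[:1] == ["set"] and depth == 1 and len(words) > 2:
            settings[words[1]] = " ".join(words[2:]).replace('"', "")
    return settings

def check_pair(master_cfg, slave_cfg, master_port2, slave_port2):
    """Return a list of problems; an empty list means the HA pair is consistent."""
    m, s = ha_settings(master_cfg), ha_settings(slave_cfg)
    problems = []
    for key in ("group-name", "mode", "hbdev", "monitor"):
        if m.get(key) != s.get(key):
            problems.append(f"{key} differs: {m.get(key)!r} vs {s.get(key)!r}")
    for name, unit, peer in (("master", m, slave_port2), ("slave", s, master_port2)):
        if unit.get("unicast-hb") != "enable":
            problems.append(f"{name}: unicast-hb is not enabled")
        if unit.get("unicast-hb-peerip") != peer:
            problems.append(f"{name}: unicast-hb-peerip is not the peer's port2 address")
    if int(m.get("priority", 0)) <= int(s.get("priority", 0)):
        problems.append("master priority must be higher than slave priority")
    return problems

# Constructed sample: the page's HA settings, including the nested management block.
HA = """config system ha
set group-name "ha"
set mode a-p
set hbdev "port2" 0
config ha-mgmt-interface
edit 1
set gateway 192.168.3.253 --- gateway on vswitch
next
end
set priority {prio}
set monitor "port1"
set unicast-hb enable
set unicast-hb-peerip {peer} --- port2 address of the other unit
end"""
MASTER = HA.format(prio=200, peer="192.168.1.250")
SLAVE = HA.format(prio=100, peer="192.168.1.249")

print(check_pair(MASTER, SLAVE, "192.168.1.249", "192.168.1.250") or "HA pair is consistent")
```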

Configure Fortinet Firewall

32. You can change the password here after logging in.

Add ECS Worker VMs for Testing

36. Create the ECS instances as usual.

Verify the Security Capabilities of the Fortinet

Demonstrate the Anti-Virus Feature

43. In the ECS, visit the website http://metal.fortiguard.com/tests/

Demonstrate the Application Control Access Feature

47. Go to Security Profiles -> Application Control, choose to block Video/Audio and Social Media, and click Apply.

Enable NAT Inbound Protection in Fortinet

In this sample, I'll configure Fortinet to protect inbound RDP traffic. The same concept can be applied to HTTP/HTTPS and other services too. This is very useful because most customers want Fortinet to monitor both inbound and outbound traffic.

Conclusion

Fortinet is powerful software that is widely used by many international customers, including the financial and securities industries. By leveraging this VM, we should be able to strengthen customers' confidence in using the cloud.
