Skip to content

fortinet/demo-extensions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
jenkins
jenkins
 
 
terraform_fortios_provider
terraform_fortios_provider
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cloud-init.sh
cloud-init.sh
 
 
config_script
config_script
 
 
get-external-ip.sh
get-external-ip.sh
 
 
main.tf
main.tf
 
 
run-set-api-key.sh
run-set-api-key.sh
 
 
runInspector.py
runInspector.py
 
 
set-api-key.sh
set-api-key.sh
 
 

Repository files navigation

FortiOS Provider Integration with Terraform

Description

A Terraform script to demonstrate FortiOS provider to configure a FortiGate VM in AWS.

Running the code below with a FortiDemo instance will request a connection to the Security Fabric. The user will need to authorize the FortiGate AWS VM from the Fabric Connectors page.

Additionally, the script will also initiate an AWS Inspector run on the Ubuntu instance in the private subnet.

Requirements

Deployment overview

Terraform deploys the following components:

  • A VPC with two subnets, one private, one public
  • An Internet gateway
  • A NAT gateway
  • An Ubuntu 18.04 instance in the private subnet
  • A FortiGate PAYG instance with two NICs, one in each subnet
  • An S3 bucket, to store the config files
  • A security group with no restrictions
  • An AWS Inspector template and targets

Deployment

Note: By default the script expects an ssh key at ~/.ssh/id_rsa.pub

Note:IPV6 The FortiGate cloud-init data expects an ipv4 address to be added to the trusthost. If you are using ipv6 you will need to adjust the trusthost under config_script set ipv4-trusthost to set ipv6-trusthost To deploy the FortiDemo Inspector:

  1. Clone the repository.

  2. Change to the cloned directory and initialize the providers and modules:

    $ cd fortidemo-inspector
$ terraform init

  3. Submit the Terraform plan using the command below. Replace the variables with your own AccessKey and Secret Key.

    $ terraform plan -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "fortidemo_ip=<ip_address>"

  4. Verify output.

  5. Confirm and apply the plan:

    $ terraform apply -var "access_key=<access_key>" -var "secret_key=<secret_key>" -var "fortidemo_ip=<ip_address>"

  6. If output is satisfactory, type yes.

Destroy the cluster

To destroy the cluster, use the command:

$ terraform destroy -var "access_key=<access_key>" -var "secret_key=<secret_key>"

Additional information

The region is hard-coded to us-west-1. If the region is changed, the inspector rules must also be changed under rules_package_arns in "aws_inspector_assessment_template" "inspector_template". Inspector rule ARNs can be found here.

Support

Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. For direct issues, please refer to the Issues tab of this GitHub project. For other questions related to this project, contact github@fortinet.com.

License

License © Fortinet Technologies. All rights reserved.

About

FortiDemo Extensions

Topics

aws terraform fortigate fortinet fortigate-automation fortigate-provider-example

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

10 watching

Forks

5 forks
Report repository

Releases

6 tags

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages