Creating a user_data file to pre-configure a FortiGate-VM instance
The following example user_data file sets up a FortiGate-VM instance (fgt-vm-1) with a basic default configuration customized for your environment and requirements. This example configures interfaces, adds a DNS server, and configures two firewall policies that allow devices in network-l and network-r to access the private01 network and the internet through the private01 network.
The following example user_data file could be used for fgt-vm-1:
#FGT VM Config File
config system global
    set hostname fgt-vm-1
end
config system interface
    edit port1
        set mode dhcp
        set allowaccess http https ssh ping
    next
    edit port2
        set mode dhcp
        set defaultgw disable
        set allowaccess http https ssh ping
    next
    edit port3
        set mode dhcp
        set defaultgw disable
        set allowaccess http https ssh ping
    next
end
config system dns
    set primary 208.91.112.53
end
config firewall policy
    edit 1
        set name "network-l internet access"
        set dstintf "port3"
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 2
        set name "network-r internet access"
        set dstintf "port2"
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
config system central-management
    set include-default-servers disable
    set type fortimanager
    set fmg 10.210.8.25
    config server-list
        edit 1
            set server-type update rating
            set server-address 10.210.8.25
        next
    end
end
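A pre-deployment review of a user_data file like the one above can be scripted. The following is an added example, not part of the original documentation or any Fortinet tool: it parses the config/edit/set/next/end block format and lists interfaces whose allowaccess includes an unencrypted protocol and policies that accept all sources, destinations and services. The function names, the choice of http and telnet as the protocols to report, and the embedded sample are assumptions of this example.

```python
import shlex
# Constructed sample in the same format as the user_data file above.
SAMPLE = """\
config system interface
edit port1
set allowaccess http https ssh ping
next
edit port2
set allowaccess https ssh
next
end
config firewall policy
edit 1
set srcaddr "all"
set dstaddr "all"
set action accept
set service "ALL"
end
"""
CLEARTEXT = {"http", "telnet"}  # assumption: administrative protocols reported as unencrypted
BROAD = (("action", "accept"), ("srcaddr", "all"), ("dstaddr", "all"), ("service", "ALL"))

def parse(text):
    """Return {section: {entry: {key: [values]}}}; entry is '' outside an edit block."""
    tree, stack = {}, []  # each stack item is [section name, current edit id]
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # drops '#' comments, unquotes values
        cmd = tok[0] if tok else ""  # empty for blank or comment-only lines
        if cmd == "config":
            stack.append([" ".join(tok[1:]), ""])
        elif cmd == "end":
            stack.pop()
        elif cmd in ("edit", "next"):
            stack[-1][1] = tok[1] if cmd == "edit" else ""
        elif cmd == "set":
            path = " > ".join(name for name, _ in stack)  # nested blocks keep their parent
            tree.setdefault(path, {}).setdefault(stack[-1][1], {})[tok[1]] = tok[2:]
    return tree

def audit(tree):
    findings = []
    for port, cfg in tree.get("system interface", {}).items():
        weak = CLEARTEXT & set(cfg.get("allowaccess", []))
        if weak:
            findings.append(f"{port}: cleartext admin access ({', '.join(sorted(weak))})")
    for pid, cfg in tree.get("firewall policy", {}).items():
        if all(cfg.get(key) == [value] for key, value in BROAD):
            findings.append(f"policy {pid}: accepts any source, destination and service")
    return findings
```

Calling audit(parse(text)) on the contents of a user_data file returns the findings as a list of strings, empty when neither condition is present.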