Creating a gateway on the FortiPAM CLI
FortiPAM now allows configuring a gateway (e.g., a FortiPAM, a FortiGate, or a FortiProxy device) to proxy the connection to a target that is not directly reachable from FortiPAM.
To create a gateway:
- In the CLI console, enter the following commands to configure the gateway:
    config secret gateway
        edit "test1"
            set status enable #default value
            set type forward #default value
            set address <string>
            set port 443 #default value
            set sni <string>
            set url-map "tcp" #default value
            set ssl-max-version tls-1.3 #default value
            set client-cert <string>
            set ca <string>
            set description <string>
        next
    end
Variable
    Description
status {enable | disable}
    Enable/disable the gateway (default = enable).
type forward
    The forward connection mode.
address <string>
    The gateway IP address or FQDN.
port <integer>
    The gateway port number (1 - 65535, default = 443).
sni <string>
    The gateway SNI for TLS.
    If the address is an IP address, the sni is the TLS's SNI extension value, which can be used in the gateway for virtual hosting on the same IP address.
url-map <string>
    The TCP forwarding access proxy path.
    This is the gateway's URL map for TFAP (TCP Forwarding Application Proxy).
ssl-max-version {tls-1.1 | tls-1.2 | tls-1.3}
    The highest TLS version acceptable from a server (default = tls-1.3).
    This is the TLS version between FortiPAM and the gateway.
client-cert <string>
    The client certificate for mTLS.
    This is required if the gateway requests a client certificate.
ca <string>
    The CA certificate verification for mTLS.
    This is used for the gateway certificate verification.
description <string>
    A description for the gateway.
- In the CLI console, enter the following commands to configure a target with gateway:
    config secret target
        edit "172.16.80.101"
            set class "Other"
            set templete "Unix Account (SSH Password)"
            set address <string>
            set gateway "test1" #using the gateway created in step 1
            set creation-time <datetime> #syntax yyyy-mm-dd hh:mm:ss, year= 2001-2037
            set web-proxy-status disable
        next
    end
See the "FortiPAM connects to a target through a FortiProxy acting as the gateway" example.
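An added example, not part of the Fortinet documentation: a short Python check that parses a config secret gateway block in the syntax shown above and lists entries whose TLS-related settings deserve a review before the gateway carries privileged sessions. The sample configuration, its address and CA name, and the three checks (TLS 1.1 cap, no ca named, IP address without sni) are assumptions of this example, not FortiPAM behaviour.

```python
import ipaddress
import re

# Constructed sample in the page's syntax; addresses and the CA name are made up.
SAMPLE = """
config secret gateway
    edit "test1"
        set address 192.0.2.10
        set ssl-max-version tls-1.1 #lowered from the default
    next
    edit "test2"
        set address gw.example.com
        set ca "Example_CA"
    next
end
"""

def parse_gateways(text):
    """Return {entry name: {option: value}} for each edit ... next block."""
    gateways, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        entry = re.match(r'edit\s+"?([^"]+)"?$', line)
        option = re.match(r'set\s+(\S+)\s+(.+)$', line)
        if entry:
            current = gateways.setdefault(entry.group(1), {})
        elif line == "next":
            current = None
        elif option and current is not None:
            current[option.group(1)] = option.group(2).strip('"')
    return gateways

def audit(gateways):
    """Return {name: [findings]}; the three checks are this example's own policy."""
    report = {}
    for name, opts in gateways.items():
        found = []
        if opts.get("ssl-max-version", "tls-1.3") == "tls-1.1":  # RFC 8996 deprecates 1.1
            found.append("ssl-max-version tls-1.1")
        if "ca" not in opts:  # assumption: no CA named for gateway cert verification
            found.append("ca unset")
        try:  # the page ties sni to gateways addressed by IP
            ipaddress.ip_address(opts.get("address", ""))
            if "sni" not in opts:
                found.append("IP address without sni")
        except ValueError:
            pass  # FQDN or missing address
        report[name] = found
    return report
```

Calling audit(parse_gateways(SAMPLE)) returns three findings for "test1" and an empty list for "test2".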