Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on Azure

    Home FortiSandbox Public Cloud 3.1.0 FortiSandbox VM on Azure
    3.1.0
    5.0.0
    4.4.0
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Creating network security groups

    Creating network security groups

    Create two network security groups:

    • The first security group must have inbound rules allowing for HTTPS, SSH traffic, and OFTP.
    • The second security group must have inbound rules allowing for FTP and RDP.
    To create network security groups in Azure:
    1. In the Azure portal, click Network security groups in the left pane.
    2. Click Add to create a new network security group for the management port subnet.

      Microsoft Azure dashboard showing the creation of a network security group.

    3. Enter the following information:

      Subscription

      Select a subscription type.

      Resource group

      Select the resource group you created in the Creating a resource group step.

      Name

      Name of the network security group.

      Region

      Select the location you used when you set up the resource group.
    4. Repeat these steps to create a second network security group for the FortiSandbox port2 subnet.
    5. Go to the security groups and configure the inbound rules:
      • Network security group one: HTTPS (TCP 443), SSH traffic (TCP 22), OFTP traffic (TCP 514), and optional: ICAP traffic (TCP 1344), ICAP over SSL (TCP 11344).
      • Network security group two: FTP (TCP 21) and RDP (TCP 3389).
    Note

    Alternatively, you can create only one network security group with the inbound rules allowing for HTTPS, SSH traffic, OFTP, FTP, and RDP.

    Example of inbound rules

    Example of outbound rules

    Previous
    Next

    Creating network security groups

    Creating network security groups

    Create two network security groups:

    • The first security group must have inbound rules allowing for HTTPS, SSH traffic, and OFTP.
    • The second security group must have inbound rules allowing for FTP and RDP.
    To create network security groups in Azure:
    1. In the Azure portal, click Network security groups in the left pane.
    2. Click Add to create a new network security group for the management port subnet.

      Microsoft Azure dashboard showing the creation of a network security group.

    3. Enter the following information:

      Subscription

      Select a subscription type.

      Resource group

      Select the resource group you created in the Creating a resource group step.

      Name

      Name of the network security group.

      Region

      Select the location you used when you set up the resource group.
    4. Repeat these steps to create a second network security group for the FortiSandbox port2 subnet.
    5. Go to the security groups and configure the inbound rules:
      • Network security group one: HTTPS (TCP 443), SSH traffic (TCP 22), OFTP traffic (TCP 514), and optional: ICAP traffic (TCP 1344), ICAP over SSL (TCP 11344).
      • Network security group two: FTP (TCP 21) and RDP (TCP 3389).
    Note

    Alternatively, you can create only one network security group with the inbound rules allowing for HTTPS, SSH traffic, OFTP, FTP, and RDP.

    Example of inbound rules

    Example of outbound rules

    Previous
    Next