Create network security groups

Create two network security groups:

  • The first security group must have inbound rules allowing for HTTPS, SSH traffic, OFTP, FortiGuard, FTP and RDP.
  • The second security group must have inbound rules allowing for FTP and RDP.

To create network security groups in Azure:
  1. In the Azure portal, click Network security groups in the left pane.
  2. Click Add to create a new network security group for FortiSandbox port1 subnet (the management subnet).

    Microsoft Azure dashboard showing the creation of a network security group.

  3. Enter the following information:
    • Subscription: Select a subscription type.
    • Resource group: Select the resource group you created in the Create a resource group step.
    • Name: Name of the network security group.
    • Region: Select the location you used when you set up the resource group.

  4. Repeat these steps to create a second network security group for the FortiSandbox port2 subnet (FortiSandbox reserves port2 for the firmware instance to communicate with local Windows or Linux clones).
  5. Go to the security groups and configure the inbound rules:
    • Network security group one: HTTPS (TCP 443), SSH traffic (TCP 22), OFTP traffic (TCP 514).

      Optional: ICAP traffic (TCP 1344), ICAP over SSL (TCP 11344), RDP to VM interaction (FortiSandbox reserved 9833).

    • Network security group two: FTP (TCP 21).
      Note: If you choose to use Windows cloud clones located in Fortinet Data Center, the network security group for port2 subnet is not required.

  6. Configure the outbound rules: Allow traffic to go out.
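
The same procedure scripted with the Azure CLI, as an added example that is not part of the Fortinet documentation. The resource names, region and source address prefixes are assumptions; the page does not state source ranges, so set PORT1_SRC and PORT2_SRC to the narrowest ranges that need access.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI version of the portal steps. Not Fortinet's script.
# Assumed values (not from the page): group names, region, source prefixes.
RG="${RG:-fsa-rg}"                     # resource group created earlier
LOCATION="${LOCATION:-eastus}"         # same region as the resource group
NSG1="${NSG1:-fsa-port1-nsg}"          # port1 (management) subnet
NSG2="${NSG2:-fsa-port2-nsg}"          # port2 (clone communication) subnet
PORT1_SRC="${PORT1_SRC:-203.0.113.0/24}"   # constructed admin/device range
PORT2_SRC="${PORT2_SRC:-10.0.2.0/24}"      # constructed port2 subnet range

# add_inbound NSG RULE_NAME PRIORITY TCP_PORT SOURCE_PREFIX
add_inbound() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$1" \
    --name "$2" --priority "$3" --direction Inbound --access Allow \
    --protocol Tcp --destination-port-ranges "$4" \
    --source-address-prefixes "$5" --output none
}

new_nsg() {
  az network nsg create --resource-group "$RG" --name "$1" \
    --location "$LOCATION" --output none
}

create_fsa_nsgs() {
  new_nsg "$NSG1" || return 1
  add_inbound "$NSG1" allow-https 100 443 "$PORT1_SRC" || return 1
  add_inbound "$NSG1" allow-ssh   110 22  "$PORT1_SRC" || return 1
  add_inbound "$NSG1" allow-oftp  120 514 "$PORT1_SRC" || return 1
  if [ "${WITH_OPTIONAL:-0}" = 1 ]; then
    add_inbound "$NSG1" allow-icap     130 1344  "$PORT1_SRC" || return 1
    add_inbound "$NSG1" allow-icap-ssl 140 11344 "$PORT1_SRC" || return 1
    # 9833 is the FortiSandbox reserved RDP port; TCP is assumed here.
    add_inbound "$NSG1" allow-vm-rdp   150 9833  "$PORT1_SRC" || return 1
  fi
  # Skip the port2 group when using Windows cloud clones in the Fortinet Data Center.
  if [ "${SKIP_PORT2:-0}" != 1 ]; then
    new_nsg "$NSG2" || return 1
    add_inbound "$NSG2" allow-ftp 100 21 "$PORT2_SRC" || return 1
  fi
  # Step 6 needs no rule: a new NSG's default rules already allow outbound
  # traffic to the virtual network and the Internet.
}

if [ "${1:-}" = "apply" ]; then create_fsa_nsgs; fi
```

Run the script with the argument `apply` after `az login`; set `WITH_OPTIONAL=1` to add the ICAP and RDP rules, and `SKIP_PORT2=1` when the port2 group is not required.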
