Fortinet Document Library

Version: 6.3.2

Configuring Google Cloud Firewall Rules

Firewall rules control the traffic for your VM instances. Google Cloud by default has your VPC behind a basic firewall. When you create a VPC, there are settings to allow traffic for certain port numbers. In order for FortiWeb-VM to connect and run properly, it's recommended to allow traffic for the following port numbers.

| Protocol | Port range | Purpose |
|----------|------------|---------|
| TCP | 80 | Allow inbound HTTP web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 80. |
| TCP | 443 | Allow inbound HTTPS web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 443. |
| TCP | 995 | Allow inbound configuration synchronization requests sent by the peer/remote FortiWeb-VM from all IPv4 and IPv6 addresses. Add this rule if you want to use the Config Synchronization feature of FortiWeb. The port range should be set as 995. |
| TCP | 22 | Allow inbound SSH access from all IPv4 and IPv6 addresses. Add this rule if you want to access FortiWeb-VM through CLI. You can set the port range according to your own needs. |
| TCP | 90 | Allow inbound access requests sent by FortiWeb Manager from all IPv4 and IPv6 addresses. Add this rule only if you use FortiWeb Manager to manage your FortiWeb-VMs. The port range should be set as 90. |
| TCP | 8080 | Allow inbound HTTP access to FortiWeb GUI from all IPv4 and IPv6 addresses. Add this rule if you want to access FortiWeb-VM through GUI. You can set the port range according to your own needs. |
| TCP | 8443 | Allow inbound HTTPS access to FortiWeb GUI from all IPv4 and IPv6 addresses. Add this rule if you want to access FortiWeb-VM through GUI. You can set the port range according to your own needs. |

In addition to the ports listed above, FortiWeb uses other ports for incoming traffic (listening) depending on different purposes. See Appendix A: Port numbers for more information.

To edit the firewall rules for the FortiWeb-VM instance:

  1. Navigate to the VPC that contains the public-facing subnet for FortiWeb-VM.
  2. Select Firewall rule, then select Add firewall rule if the required port is not open.
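
As an added example (not from Fortinet's documentation), this Python script checks exported rules against the port table above before step 2: it reports required ports that no rule opens and optional ports reachable from any address. It assumes the JSON shape produced by `gcloud compute firewall-rules list --format=json`, runs on a constructed sample, and ignores deny rules, priorities and target tags.

```python
import json

REQUIRED = (80, 443)                  # HTTP and HTTPS web traffic
OPTIONAL = (995, 22, 90, 8080, 8443)  # config sync, SSH, FortiWeb Manager, GUI
ANY_SOURCE = {"0.0.0.0/0", "::/0"}    # "all IPv4 and IPv6 addresses"

def port_in(spec, port):
    """True if a GCP port spec ("443" or "8000-9000") covers `port`."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def sources_for(rules, port):
    """Source ranges of enabled ingress allow rules that open TCP `port`."""
    found = set()
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            ports = allow.get("ports")  # an absent list means every port
            if ports is None or any(port_in(p, port) for p in ports):
                found.update(rule.get("sourceRanges", []))
    return found

def audit(rules):
    """Return (required ports not open, optional ports open to any address)."""
    missing = [p for p in REQUIRED if not sources_for(rules, p)]
    open_to_all = [p for p in OPTIONAL if sources_for(rules, p) & ANY_SOURCE]
    return missing, sorted(open_to_all)

# Constructed sample; rule names and ranges are hypothetical.
SAMPLE = json.loads("""[
 {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "mgmt", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "8000-9000"]}]},
 {"name": "sync", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["995"]}]}
]""")

if __name__ == "__main__":
    missing, open_to_all = audit(SAMPLE)
    print("required ports not open:", missing)
    print("optional ports open to any address:", open_to_all)
```

Ports in the first list need a rule added in step 2; ports in the second list are worth comparing against the features you actually use.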
