Optional: Creating a security list
A security list controls the traffic for your VM instances. For FortiWeb-VM to connect and run properly, it's recommended to allow traffic for the following port numbers.
| Protocol | Port range | Description |
|---|---|---|
| TCP | 80 | Allow inbound HTTP web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 80. |
| TCP | 443 | Allow inbound HTTPS web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 443. |
| | | Allow inbound configuration synchronization requests sent by the peer/remote FortiWeb-VM from all IPv4 and IPv6 addresses. |
| TCP | 22 | Allow inbound SSH access from all IPv4 and IPv6 addresses. Add this rule if you want to access FortiWeb-VM through CLI. You can set the port range according to your own needs. |
| TCP | 90 | Allow inbound access requests sent by FortiWeb Manager from all IPv4 and IPv6 addresses. Add this rule only if you use FortiWeb Manager to manage your FortiWeb-VMs. The port range should be set as 90. |
| TCP | 8080 | Allow inbound HTTP access to FortiWeb GUI from all IPv4 and IPv6 addresses. This is optional. The HTTP access to FortiWeb's GUI will be redirected to HTTPS. |
| TCP | 8443 | Allow inbound HTTPS access to FortiWeb GUI from all IPv4 and IPv6 addresses. This is mandatory. |
In addition to the ports listed above, FortiWeb listens on other ports for incoming traffic, depending on the purpose. See Appendix A: Port numbers for more information.
To create a security list and allow traffic for certain ports:
- Click Default Security List for the 10.0.0.0/24 network, which you defined as the public side of the network.
- Note that by default, port 22 is allowed.
- Click Edit all Rules > Add Rule. Manually add a rule to allow ports according to your own needs. In the following screenshot, we configure the settings to allow traffic for ports 22, 90, 995, 80, 443, 8080, and 8443.
- Click Save Security List Rules.
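After saving, the resulting ingress rules can be checked against the port table above. The following is an added example, not Fortinet or Oracle code: it reads rules in the OCI ingress-rule JSON shape (`protocol` "6" for TCP, `source`, `tcpOptions.destinationPortRange`), reports which ports the table marks as required or mandatory are still not allowed, and lists which management ports are reachable from any address. The function names and the sample rules are hypothetical.

```python
# Added example: audits OCI-style ingress rules against the port table on this page.
REQUIRED = {80: "HTTP web traffic", 443: "HTTPS web traffic", 8443: "GUI over HTTPS"}
MANAGEMENT = {22: "SSH/CLI", 90: "FortiWeb Manager", 8080: "GUI over HTTP", 8443: "GUI over HTTPS"}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def tcp_range(rule):
    """Return (min, max) of TCP destination ports a rule allows, or None if not TCP."""
    if rule.get("protocol") not in ("6", "all"):   # "6" is TCP in OCI rules
        return None
    opts = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rule["protocol"] == "all" or not opts:      # no range means every port
        return (1, 65535)
    return (opts["min"], opts["max"])

def audit(rules):
    """Return (missing required ports, management ports open to any address)."""
    allowed, open_mgmt = set(), {}
    for rule in rules:
        rng = tcp_range(rule)
        if rng is None:
            continue
        for port in set(REQUIRED) | set(MANAGEMENT):
            if rng[0] <= port <= rng[1]:
                allowed.add(port)
                if port in MANAGEMENT and rule.get("source") in ANY_SOURCE:
                    open_mgmt[port] = MANAGEMENT[port]
    missing = sorted(p for p in REQUIRED if p not in allowed)
    return missing, dict(sorted(open_mgmt.items()))

def tcp_rule(source, lo, hi=None):
    """Build one stateful TCP ingress rule (hypothetical helper)."""
    return {"protocol": "6", "source": source, "isStateless": False,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi or lo}}}

# Constructed sample security list (not taken from a real tenancy).
SAMPLE_RULES = [
    tcp_rule("0.0.0.0/0", 22),
    tcp_rule("0.0.0.0/0", 80),
    tcp_rule("0.0.0.0/0", 443),
    tcp_rule("10.0.0.0/24", 8080, 8090),
    {"protocol": "1", "source": "0.0.0.0/0"},   # ICMP, ignored by the audit
]

if __name__ == "__main__":
    missing, open_mgmt = audit(SAMPLE_RULES)
    print("required ports not allowed:", missing)
    print("management ports open to any address:", open_mgmt)
```

Port 8443 appears in both sets because the table marks the GUI HTTPS rule as mandatory and it is also an administrative interface.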