Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Testing the setup

When all services have been created and configured properly, execute this simple test to verify your work.

  1. Create and run the test event from the Lambda function.
    1. From the Test Event dropdown list, select Configure test events.
    2. Select Create new test event to add a test event with the content as the code snippet below.

      {

      "id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",

      "detail": {

      "service": {

      "serviceName": "guardduty",

      "action": {

      "networkConnectionAction": {

      "connectionDirection": "INBOUND",

      "remoteIpDetails": {

      "ipAddressV4": "192.168.123.123"

      }

      }

      },

      "additionalInfo": {

      "threatListName": "GeneratedFindingThreatListName">

      },

      "eventLastSeen": "2018-07-18T22:12:01.720Z"

      },

      "severity": 3

      }

      }

    3. From the Test Event dropdown list again, select the event you have just created, then click Test to execute this Lambda function with the given event.
  2. Verify the test result.
    1. If everything was set up correctly, you will see Execution result: succeeded on the top of the page of this Lambda function.
    2. Check and see a record with finding_id - fa9fa4a5-0232-188d-da1c-af410bcfc344 and ip - 192.168.123.123 is in the DynamoDB table - my-aws-lambda-guardduty-db.
    3. Check and see the file ip_blocklist resides in the S3 bucket my-aws-lambda-guardduty.
    4. Check that the ip_blocklist file has a Read object permission for Everyone under the Public access section.
    5. Check that the ip_blocklist is accessible through its link in browser (e.g. https://s3-us-east-1.amazonaws.com/***my-aws-lambda-guardduty***/ip_blocklist)
    6. Check that the ip_blocklist file contains 192.168.123.123 in a single line in its content.

Resources

Testing the setup

When all services have been created and configured properly, execute this simple test to verify your work.

  1. Create and run the test event from the Lambda function.
    1. From the Test Event dropdown list, select Configure test events.
    2. Select Create new test event to add a test event with the content as the code snippet below.

      {

      "id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",

      "detail": {

      "service": {

      "serviceName": "guardduty",

      "action": {

      "networkConnectionAction": {

      "connectionDirection": "INBOUND",

      "remoteIpDetails": {

      "ipAddressV4": "192.168.123.123"

      }

      }

      },

      "additionalInfo": {

      "threatListName": "GeneratedFindingThreatListName">

      },

      "eventLastSeen": "2018-07-18T22:12:01.720Z"

      },

      "severity": 3

      }

      }

    3. From the Test Event dropdown list again, select the event you have just created, then click Test to execute this Lambda function with the given event.
  2. Verify the test result.
    1. If everything was set up correctly, you will see Execution result: succeeded on the top of the page of this Lambda function.
    2. Check and see a record with finding_id - fa9fa4a5-0232-188d-da1c-af410bcfc344 and ip - 192.168.123.123 is in the DynamoDB table - my-aws-lambda-guardduty-db.
    3. Check and see the file ip_blocklist resides in the S3 bucket my-aws-lambda-guardduty.
    4. Check that the ip_blocklist file has a Read object permission for Everyone under the Public access section.
    5. Check that the ip_blocklist is accessible through its link in browser (e.g. https://s3-us-east-1.amazonaws.com/***my-aws-lambda-guardduty***/ip_blocklist)
    6. Check that the ip_blocklist file contains 192.168.123.123 in a single line in its content.