Fortinet Document Library

Version:


Table of Contents

FortiSandbox VM on Azure

3.1.0
Download PDF
Copy Link

Creating network security groups

Two network security groups must be created:

  • The first must have inbound rules allowing for HTTPS, SSH traffic, and OFTP.
  • The second must have inbound rules allowing for FTP and RDP.
To create network security groups in Azure:
  1. In the Azure portal, select Network Security Groups from the left navigation pane.
  2. Click Add to create a new network security group for the management port subnet.

    Microsoft Azure dashboard showing the creation of a network security group.

  3. Enter the following information:
    Name Enter a name for the network security group.
    Subscription Select a subscription type.
    Resource group Select the resource group you created in the Creating a resource group step.
    Location Select the same location used while setting up the resource group.
  4. Repeat the steps above to create a second network security group for the FSA port2 subnet.
  5. Go to the newly created security groups and configure the inbound rules to allow for the following:
    • Network security group one: HTTPS (TCP 443), SSH traffic (TCP 22), OFTP traffic (TCP 514), and optional: ICAP traffic (TCP 1344), ICAP over SSL (TCP 11344).
    • Network security group two: FTP (TCP 21) and RDP (TCP 3389).
Note

Users can choose to alternatively create only one network security group with the inbound rules allowing for HTTPS, SSH traffic, OFTP, FTP, and RDP.

Creating network security groups

Two network security groups must be created:

  • The first must have inbound rules allowing for HTTPS, SSH traffic, and OFTP.
  • The second must have inbound rules allowing for FTP and RDP.
To create network security groups in Azure:
  1. In the Azure portal, select Network Security Groups from the left navigation pane.
  2. Click Add to create a new network security group for the management port subnet.

    Microsoft Azure dashboard showing the creation of a network security group.

  3. Enter the following information:
    Name Enter a name for the network security group.
    Subscription Select a subscription type.
    Resource group Select the resource group you created in the Creating a resource group step.
    Location Select the same location used while setting up the resource group.
  4. Repeat the steps above to create a second network security group for the FSA port2 subnet.
  5. Go to the newly created security groups and configure the inbound rules to allow for the following:
    • Network security group one: HTTPS (TCP 443), SSH traffic (TCP 22), OFTP traffic (TCP 514), and optional: ICAP traffic (TCP 1344), ICAP over SSL (TCP 11344).
    • Network security group two: FTP (TCP 21) and RDP (TCP 3389).
Note

Users can choose to alternatively create only one network security group with the inbound rules allowing for HTTPS, SSH traffic, OFTP, FTP, and RDP.