Fortinet black logo

OpenStack Administration Guide

Creating a user_data file to pre-configure a FortiGate-VM instance

Copy Link
Copy Doc ID e842eb6e-694a-11ea-9384-00505692583a:27982
Download PDF

Creating a user_data file to pre-configure a FortiGate-VM instance

The following example user_data file sets up a FortiGate-VM instance (fgt-vm-1) with a basic default configuration customized for your environment and requirements. This example configures interfaces, adds a DNS server, and configures two firewall policies that allow devices in network-l and network-r to access the private01 network and the Internet through the private01 network.

The following example user_data file could be used for fgt-vm-1:

#FGT VM Config File

config sys global

set hostname fgt-vm-1

end

config system interface

edit port1

set mode dhcp

set allowaccess http https ssh ping

next

edit port2

set mode dhcp

set defaultgw disable

set allowaccess http https ssh ping

next

edit port3

set mode dhcp

set defaultgw disable

set allowaccess http https ssh ping

next

end

config system dns

set primary 208.91.112.53

end

config firewall policy

edit 1

set name "network-l internet access"

set dstintf "port3"

set srcintf "port1"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

next

edit 2

set name "network-r internet access"

set dstintf "port2"

set srcintf "port1"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

end

config system central-management

set include-default-servers disable

set type fortimanager

set fmg 10.210.8.25

config server-list

edit 1

set server-type update rating

set server-address 10.210.8.25

end

end

Creating a user_data file to pre-configure a FortiGate-VM instance

The following example user_data file sets up a FortiGate-VM instance (fgt-vm-1) with a basic default configuration customized for your environment and requirements. This example configures interfaces, adds a DNS server, and configures two firewall policies that allow devices in network-l and network-r to access the private01 network and the Internet through the private01 network.

The following example user_data file could be used for fgt-vm-1:

#FGT VM Config File

config sys global

set hostname fgt-vm-1

end

config system interface

edit port1

set mode dhcp

set allowaccess http https ssh ping

next

edit port2

set mode dhcp

set defaultgw disable

set allowaccess http https ssh ping

next

edit port3

set mode dhcp

set defaultgw disable

set allowaccess http https ssh ping

next

end

config system dns

set primary 208.91.112.53

end

config firewall policy

edit 1

set name "network-l internet access"

set dstintf "port3"

set srcintf "port1"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

next

edit 2

set name "network-r internet access"

set dstintf "port2"

set srcintf "port1"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

end

config system central-management

set include-default-servers disable

set type fortimanager

set fmg 10.210.8.25

config server-list

edit 1

set server-type update rating

set server-address 10.210.8.25

end

end