Step 3: Firewall Configuration
Configure firewall policies as appropriate to allow access from the isolation network for the domains added to the FortiNAC Allowed Domains List.
Example using FortiGate: Consult the steps in the FortiGate admin guide for help with the following configuration.
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/656084/firewall-policy
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/707266/fqdn-addresses
Step 3a: Create Addresses
Create addresses
- Go to Policy & Objects > Address.
- Create one address object for each of the following FQDNs:
  - *.portal.azure.com
  - *.applicationinsights.io
  - azure.com
  - azure.net
  - *.azure-api.net
  - *azuredatalakestore.net
  - *.azureedge.net
  - login.microsoftonline.com
  - login.microsoft.com
  - *.microsoftonline-p.com
  - *.trafficmanager.net
  - *.subscriptionrp.trafficmanager.net
  - graph.windows.net
  - *graph.microsoft.com
  - *.microsoft.net
  - *.account.microsoft.com
  - *.logincdn.msftauth.net
  - *.avg.com
  - aka.ms
  - *.signup.azure.com
  - *.akadns.com
  - *ad.azure.com
  - *.arc.azure.net
  - *logic.azure.com
  - adf.azure.com
  - *.trafficmanager.net
Step 3b: Create Firewall Policy
- Go to Policy & Objects > Firewall Policy and create a firewall policy with the following settings:
  - Incoming Interface: isolation VLAN interface
  - Outgoing Interface: public network interface
  - Destination: all of the Azure addresses created in Step 3a
  - Service: Azure new service, HTTP, HTTPS
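As an added illustration (not part of the FortiNAC or FortiGate documentation), the following Python script emits the FortiOS CLI equivalent of Steps 3a and 3b: one FQDN address object per entry, an address group, and the isolation-to-Internet policy. The interface names isolation-vlan and wan1, the object and group names, and the name scheme are assumptions; the custom "Azure new service" is left out because its port definition is not given on this page.

```python
"""Emit FortiOS CLI for the isolation-network allow list described above."""

# FQDNs copied from the address list on this page, duplicate included.
ALLOWED_FQDNS = [
    "*.portal.azure.com", "*.applicationinsights.io", "azure.com", "azure.net",
    "*.azure-api.net", "*azuredatalakestore.net", "*.azureedge.net",
    "login.microsoftonline.com", "login.microsoft.com", "*.microsoftonline-p.com",
    "*.trafficmanager.net", "*.subscriptionrp.trafficmanager.net",
    "graph.windows.net", "*graph.microsoft.com", "*.microsoft.net",
    "*.account.microsoft.com", "*.logincdn.msftauth.net", "*.avg.com", "aka.ms",
    "*.signup.azure.com", "*.akadns.com", "*ad.azure.com", "*.arc.azure.net",
    "*logic.azure.com", "adf.azure.com", "*.trafficmanager.net",
]


def address_name(fqdn: str) -> str:
    """Derive an object name (assumed scheme): 'wc-' marks a wildcard entry."""
    prefix = "wc-" if fqdn.startswith("*") else ""
    return "nac-" + prefix + fqdn.lstrip("*.").replace(".", "-")


def dedupe(fqdns):
    """Drop repeated FQDNs: the page lists *.trafficmanager.net twice, and
    FortiOS rejects a second address object with the same name."""
    seen, out = set(), []
    for f in fqdns:
        if f not in seen:
            seen.add(f)
            out.append(f)
    return out


def fortios_config(fqdns, srcintf, dstintf, services=("HTTP", "HTTPS"),
                   group="FortiNAC-Isolation-Azure"):
    """Return CLI text: FQDN address objects, one address group, one policy."""
    uniq = dedupe(fqdns)
    names = [address_name(f) for f in uniq]
    lines = ["config firewall address"]
    for f, n in zip(uniq, names):  # wildcard and plain FQDNs both use type fqdn
        lines += [f'    edit "{n}"', "        set type fqdn",
                  f'        set fqdn "{f}"', "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end", "config firewall policy", "    edit 0",
              '        set name "isolation-to-azure"',
              f'        set srcintf "{srcintf}"', f'        set dstintf "{dstintf}"',
              '        set srcaddr "all"', f'        set dstaddr "{group}"',
              "        set action accept", '        set schedule "always"',
              "        set service " + " ".join(f'"{s}"' for s in services),
              "        set logtraffic all", "    next", "end"]
    return "\n".join(lines)
```

Call `fortios_config(ALLOWED_FQDNS, "isolation-vlan", "wan1")` and paste the output into the FortiGate CLI. FortiGate learns the IPs behind wildcard FQDN objects from DNS responses passing through it, so the isolated hosts' DNS traffic must traverse the FortiGate for the policy to match.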