FortiGate: Deploying a virtual firewall
From time to time we have to test our IT infrastructure against attacks to know if we are protected enough. A good way to play with firewalls is with a virtual infrastructure where we can deploy our own laboratory. This is not only useful for testing our configuration in a laboratory without changing the production environment but it is also useful for testing new features and learning without taking any risks. This time, we are going to see how to deploy a new virtual firewall and how to protect a web application.
The first step is to download a virtual firewall to deploy into our virtual infrastructure. For instance, I have downloaded the latest firmware version of FortiGate VM64 for VMware infrastructure. Next, I decompressed the small file of approximately 35 MB, called FGT_VM64-v5-build7605-FORTINET.out.ovf.zip, and imported it as a new virtual machine into the VMware infrastructure. It is important to download the right virtual machine for our infrastructure, VMware in this case, and not another version such as FortiGate VMX, which is for integration with VMware NSX and protection of virtual machines.
|FortiGate Virtual Machine|
Once the virtual firewall is imported into VMware, we have to configure some basic settings, such as the management IP address and the timezone, from the virtual console:
# config system interface
# edit port1
# set ip 172.16.14.2 255.255.255.0
# set allowaccess ping http https
# end
# config system global
# set timezone 28
# end
Nevertheless, firewall manufacturers usually provide installation guides that help us deploy their firewalls easily.
|FortiGate Install Guide|
If we are going to test, for instance, the latest IPS signatures, such as the one for the recent Apache Struts vulnerability, we may have to upgrade the IPS engine and the IPS definitions. This time, I manually downloaded the attack definitions for FortiGate VM00. They can be downloaded from the Fortinet Partner Portal; if you need them, ask your reseller.
|Apache Struts IPS signature|
Now it is time to create new firewall policies. I have created a new policy to protect a web application, which runs Apache Struts on tcp/8080, and I have applied an IPS profile together with a custom Proxy Options profile in which I have added tcp/8080 to the HTTP protocol.
It's time to attack and check whether the firewall is blocking the malicious activity or whether we are bypassing the security protections. This can be done by watching the firewall logs:
|Intrusion Protection Logs|
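What to check in those logs, as an added example that is not part of the original post: a small Python triage that separates IPS events on tcp/8080 that were actually blocked from those that were only detected. The log lines are constructed samples in FortiOS key=value style; the field names, the set of blocking action values, the addresses and the signature name are assumptions or placeholders.

```python
import shlex

# Assumption: IPS action values meaning the traffic was stopped, not just logged.
BLOCKING_ACTIONS = {"dropped", "reset", "drop_session", "clear_session"}

# Constructed sample lines (placeholder addresses and signature name).
SAMPLE_LOGS = [
    'date=2017-03-20 time=10:01:02 type=utm subtype=ips srcip=172.16.14.50 dstip=172.16.14.10 dstport=8080 policyid=1 action=dropped attack="EXAMPLE.Struts.Signature" msg="constructed sample"',
    'date=2017-03-20 time=10:01:03 type=utm subtype=ips srcip=172.16.14.51 dstip=172.16.14.10 dstport=8080 policyid=1 action=detected attack="EXAMPLE.Struts.Signature" msg="constructed sample"',
    'date=2017-03-20 time=10:01:04 type=traffic subtype=forward srcip=172.16.14.52 dstip=172.16.14.10 dstport=8080 policyid=1 action=accept',
    'date=2017-03-20 time=10:01:05 type=utm subtype=ips srcip=172.16.14.53 dstip=172.16.14.10 dstport=80 policyid=2 action=dropped attack="EXAMPLE.Other.Signature"',
    'date=2017-03-20 time=10:01:06 type=utm subtype=ips attack="unterminated',
]

def parse_line(line):
    """Turn one key=value log line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: report the line as unparseable
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields or None

def triage(lines, port="8080"):
    """Split IPS events for the protected port into blocked and not blocked."""
    result = {"blocked": [], "not_blocked": [], "unparsed": 0}
    for line in lines:
        event = parse_line(line)
        if event is None:
            result["unparsed"] += 1
            continue
        if event.get("subtype") != "ips" or event.get("dstport") != port:
            continue  # traffic logs and other services are out of scope here
        stopped = event.get("action") in BLOCKING_ACTIONS
        bucket = "blocked" if stopped else "not_blocked"
        result[bucket].append((event.get("srcip"), event.get("attack"), event.get("action")))
    return result

if __name__ == "__main__":
    report = triage(SAMPLE_LOGS)
    for bucket in ("blocked", "not_blocked"):
        for srcip, attack, action in report[bucket]:
            print(f"{bucket:12} {srcip:15} {action:10} {attack}")
    print("unparsed lines:", report["unparsed"])
```

Any entry under not_blocked means the signature matched but the sensor action did not stop the request, which is the case to fix before the policy goes to production.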
Regards, my friends, and remember: play and test with your toys before going to production.