Integrating FortiGate with Google Cloud
This initial step establishes a trust relationship between your FortiGate firewall and your Google Cloud project. You create a "fabric connector" in the FortiGate interface (an SDN connector of type GCP in the CLI), and it needs three pieces of information from the Google Cloud project:
- Project ID: The unique identifier for your Google Cloud project.
- Service Account Email: The email address of the service account the connector authenticates as. The connector only reads instance inventory, so give this account a read-only role such as Compute Viewer rather than Editor or Owner, and create it for this purpose instead of reusing a default service account.
- Private Key: The private key from the JSON key file downloaded when you create a key for that service account. The video emphasizes that the PEM key must be pasted into the FortiGate configuration as three lines: the BEGIN header, the whole base64 body on a single line, and the END footer. The key file is a long-lived credential: store it securely or delete it once it is in the FortiGate, and revoke the key in Google Cloud if it is ever exposed.
The video shows where to find this information in the Google Cloud console: the Project ID on the project dashboard, and the service account email and its key under IAM & Admin > Service Accounts. A successful integration is indicated when the fabric connector status shows as "Up" in FortiGate; if it stays down, recheck the three-line formatting of the pasted key and the role granted to the service account.
Creating Addresses for Google Cloud Instances
Once the connector is up, the next step is to represent your Google Cloud instances as address objects in FortiGate.
Rather than typing IP addresses, you create a dynamic address backed by the previously configured fabric connector: FortiGate pulls the instances' IP addresses through the connector and refreshes them on the connector's update interval, so a policy keeps matching an instance even after it is recreated with a new address. You choose which instances an address covers with a filter on the instance ID or name.
Creating Firewall Policies
With the Google Cloud instances defined as address objects, you can create firewall policies to control traffic to and from them. In FortiGate this is an IPv4 policy where you specify:
- Source: "all" for a public-facing service that must accept connections from anywhere, or a specific address object where the client population is known.
- Destination: The dynamic Google Cloud address(es) created in the previous step.
- Services: The services to allow, such as HTTP, HTTPS, and SSH. Keep each policy as narrow as it can be: a web policy needs only HTTP and HTTPS, and SSH belongs in a separate policy whose source is restricted to your administrative addresses rather than "all".
A crucial aspect highlighted is the ability to enable security profiles on the policy. The video demonstrates the Intrusion Prevention System (IPS) to protect against server-side vulnerabilities: you can start from a predefined IPS sensor such as protect_http_server and customize its filters by protocol, target (server), application, and operating system so that only signatures relevant to the instance are evaluated. IPS can only inspect what it can read: for HTTPS the policy also needs an SSL inspection profile that decrypts the traffic, otherwise only plaintext HTTP is actually examined.
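The three steps above (connector, dynamic address, policies with IPS) can be expressed as FortiOS CLI. The script below is an added example, not code from the video or from Fortinet: it reads a service-account JSON key file, checks that it is the right kind of key, collapses the PEM private key into the three-line form the page describes, and emits the CLI for the connector, a dynamic address filtered by instance name, and the two inbound policies. Interface names (port1, port2), object names, the admin-workstations address, and the assumption that the CLI accepts the key as one quoted string with literal \n separators (the GUI takes the three-line paste) are all assumptions made here; the sample key file is constructed and contains placeholder bytes, not a real key.

```python
"""Build FortiOS CLI for a Google Cloud fabric connector, a dynamic address
and inbound policies from a service-account key file. Added example, not
from the video or Fortinet; names, interfaces and CLI key format are assumed."""
import base64
import json

# Constructed sample shaped like the file `gcloud iam service-accounts keys
# create` writes; the key body is placeholder bytes, not a real private key.
_FAKE_BODY = base64.b64encode(b"placeholder bytes, not a real private key").decode()
SAMPLE_KEY_JSON = json.dumps({
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "0123abcd",
    "private_key": ("-----BEGIN PRIVATE KEY-----\n" + _FAKE_BODY[:32] + "\n"
                    + _FAKE_BODY[32:] + "\n-----END PRIVATE KEY-----\n"),
    "client_email": "fortigate-sdn@example-project-123.iam.gserviceaccount.com",
})

def load_key(text):
    """Parse the key file and check it carries the three connector fields."""
    key = json.loads(text)
    if key.get("type") != "service_account":
        raise ValueError("not a service-account key file")
    for field in ("project_id", "client_email", "private_key"):
        if not key.get(field):
            raise ValueError("key file is missing " + field)
    return key

def pem_three_lines(pem):
    """Collapse the PEM key to the form FortiGate expects: BEGIN header,
    the whole base64 body on one line, END footer."""
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN") \
            or not lines[-1].startswith("-----END"):
        raise ValueError("private_key is not a PEM block")
    body = "".join(lines[1:-1])
    base64.b64decode(body, validate=True)  # reject a corrupted or partial paste
    return [lines[0], body, lines[-1]]

def connector_cli(key, name="gcp"):
    """SDN connector of type gcp; the key is joined with literal \\n (assumed)."""
    cli_key = "\\n".join(pem_three_lines(key["private_key"])) + "\\n"
    return "\n".join([
        "config system sdn-connector",
        '    edit "%s"' % name,
        "        set type gcp",
        '        set gcp-project "%s"' % key["project_id"],
        '        set service-account "%s"' % key["client_email"],
        '        set private-key "%s"' % cli_key,
        "    next", "end",
    ])

def dynamic_address_cli(name, connector, instance_filter):
    """Address resolved through the connector; filter is name=... or id=..."""
    return "\n".join([
        "config firewall address",
        '    edit "%s"' % name,
        "        set type dynamic",
        '        set sdn "%s"' % connector,
        '        set filter "%s"' % instance_filter,
        "    next", "end",
    ])

def policy_cli(name, srcintf, dstintf, srcaddr, dstaddr, services, ips_sensor=None):
    """IPv4 policy; an IPS sensor only takes effect when UTM is enabled on it."""
    lines = [
        "config firewall policy", "    edit 0",
        '        set name "%s"' % name,
        '        set srcintf "%s"' % srcintf,
        '        set dstintf "%s"' % dstintf,
        '        set srcaddr "%s"' % srcaddr,
        '        set dstaddr "%s"' % dstaddr,
        "        set action accept",
        '        set schedule "always"',
        "        set service " + " ".join('"%s"' % s for s in services),
    ]
    if ips_sensor:
        lines += ["        set utm-status enable",
                  '        set ips-sensor "%s"' % ips_sensor]
    return "\n".join(lines + ["    next", "end"])

def build_config(key_json):
    key = load_key(key_json)
    return "\n".join([
        connector_cli(key),
        dynamic_address_cli("gcp-web-01", "gcp", "name=web-01"),
        # Public web traffic: any source, inspected by the server-side IPS sensor.
        policy_cli("web-to-gcp", "port1", "port2", "all", "gcp-web-01",
                   ["HTTP", "HTTPS"], ips_sensor="protect_http_server"),
        # SSH: never from "all"; restrict to an admin address object (assumed name).
        policy_cli("ssh-to-gcp", "port1", "port2", "admin-workstations",
                   "gcp-web-01", ["SSH"]),
    ])

if __name__ == "__main__":
    print(build_config(SAMPLE_KEY_JSON))
```

Run it with a real key file (`python3 script.py < key.json` after replacing SAMPLE_KEY_JSON with the file contents) and paste the output into the FortiGate CLI, or take the three lines from pem_three_lines and paste them into the GUI. The base64 check in pem_three_lines is there because a key mangled by copy and paste is the most common reason the connector never comes up, and it is cheaper to catch that before touching the firewall.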
Video Walk-through
This video provides a comprehensive guide on how to integrate a FortiGate firewall with Google Cloud to enhance the security of your online assets, such as virtual machine instances running websites.
The video also briefly touches upon an alternative approach: deploying a FortiGate virtual machine instance directly within Google Cloud from the Google Cloud Marketplace.
Finally, it offers a quick note on client-side vulnerabilities such as Cross-Site Scripting (XSS), which the server-side IPS sensor above is not aimed at, suggesting a web application security plugin such as Wordfence if the site runs WordPress.