[Connectivity test] Configure FortiGate firewall policy


This recipe is part of the process of deploying FortiGate HA for AWS. See below for the rest of the recipes in this process:

  1. Customize the CFT template
  2. Check the prerequisites
  3. Review the network failover diagram
  4. Invoke the CFT template
  5. Connect to the FortiGates
  6. [Connectivity test] Configure FortiGate firewall policy
  7. [Failover test] Shut down FortiGate A

  1. Let’s test whether the configuration synchronizes between the two FortiGate instances by creating a new incoming firewall policy. Navigate to Policy & Objects > IPv4 Policy, then click Create New. Enter the policy name, then specify the incoming and outgoing ports, source, destination, and service. In this example, all is selected for all options. Select security policies as desired, then click OK.

    The policy has been created.
  2. Log in to FortiGate B by connecting to its management port at Your IP address will be different. The username is admin. If HA works, the password is the same as FortiGate A’s. Otherwise, the login password is FortiGate B’s instance ID.

    The same new firewall policy has automatically been created on FortiGate B.
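
The same check can be scripted. The following is an added example, not part of the original recipe or of Fortinet's tooling: it compares the text of `show firewall policy` saved from each unit and lists any policy that is missing or differs. The policy name, port names and sample outputs are constructed assumptions.

```python
import shlex

def parse_policies(text):
    """Parse `show firewall policy` output into {policy_id: {option: [values]}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # strips the quotes around values such as "port1"
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
    return policies

def sync_differences(unit_a, unit_b):
    """Return a list of differences; an empty list means the policy tables match."""
    a, b = parse_policies(unit_a), parse_policies(unit_b)
    diffs = []
    for pid in sorted(set(a) | set(b)):
        if pid not in a or pid not in b:
            missing = "A" if pid not in a else "B"
            diffs.append(f"policy {pid}: missing on FortiGate {missing}")
            continue
        for opt in sorted(set(a[pid]) | set(b[pid])):
            if a[pid].get(opt) != b[pid].get(opt):
                diffs.append(f"policy {pid}: '{opt}' differs")
    return diffs

# Constructed sample output (policy name and port names are assumptions).
FGT_A = '''config firewall policy
    edit 1
        set name "ha-sync-test"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end'''
FGT_B_SYNCED = FGT_A                           # secondary after a successful sync
FGT_B_STALE = "config firewall policy\nend"    # secondary that never received the policy

if __name__ == "__main__":
    print(sync_differences(FGT_A, FGT_B_SYNCED) or "policies match")
    print(sync_differences(FGT_A, FGT_B_STALE))
```
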