Administration Guide

Configuring a firewall policy to allow access to EMS

To configure a firewall policy to allow access to EMS:

FortiGate should allow access on TCP/443 for client download and TCP/8013 for telemetry.

  1. On the FortiGate, go to Policy & Objects > Virtual IPs.
  2. Click Create New.
  3. Input the following values:

    | Field | Value/configuration |
    | --- | --- |
    | Name | Telemetry-VIP |
    | Interface | port3 |
    | Type | Static NAT |
    | External IP address/range | 0.0.0.0 |
    | Map to IPv4 address/range | 10.88.0.1 |
    | Services | HTTPS. Create a new service called Telemetry, which has its destination port set to TCP 8013. |

  4. Click OK.

  5. Go to Policy & Objects > Firewall Policy. Click Create New.

  6. Input the following values:

    | Field | Value/configuration |
    | --- | --- |
    | Name | WANtoEMS-Telemetry |
    | Incoming Interface | port3 |
    | Outgoing Interface | port2 |
    | Source | All |
    | Destination | Telemetry-VIP |
    | Schedule | Always |
    | Service | HTTPS, Telemetry |
    | Action | ACCEPT |
    | Log Allow Traffic | Enabled, All Sessions |

  7. Click OK to save.
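
Because this policy accepts traffic from any source, it is worth checking periodically that it still permits only HTTPS and Telemetry and still logs all sessions. The following is an added example, not part of the Fortinet guide: it parses a `config firewall policy` export and reports any setting that has drifted from the values in the table above. The CLI setting names are assumed to be the equivalents of the GUI fields, and the sample export (including policy ID 7) is constructed for illustration.

```python
import re

# Expected values from the firewall policy table on this page (CLI spellings assumed).
EXPECTED = {
    "name": ["WANtoEMS-Telemetry"], "srcintf": ["port3"], "dstintf": ["port2"],
    "srcaddr": ["all"], "dstaddr": ["Telemetry-VIP"], "action": ["accept"],
    "schedule": ["always"], "service": ["HTTPS", "Telemetry"], "logtraffic": ["all"],
}

# Constructed sample export for illustration; the policy ID 7 is arbitrary.
SAMPLE = """config firewall policy
    edit 7
        set name "WANtoEMS-Telemetry"
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "Telemetry-VIP"
        set action accept
        set schedule "always"
        set service "HTTPS" "Telemetry"
        set logtraffic all
    next
end
"""

def parse_policies(text):
    """Return one {setting: [values]} dict per 'edit ... next' block."""
    policies, current = [], None
    for line in text.splitlines():
        words = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', line)]
        if words[:1] == ["edit"]:
            current = {}
        elif words[:1] == ["set"] and current is not None and len(words) > 1:
            current[words[1]] = words[2:]
        elif words == ["next"] and current is not None:
            policies.append(current)
            current = None
    return policies

def audit(text):
    """List settings of the WANtoEMS-Telemetry policy that differ from EXPECTED."""
    for policy in parse_policies(text):
        if policy.get("name") == EXPECTED["name"]:
            return [f"{k}: expected {v}, found {policy.get(k)}"
                    for k, v in EXPECTED.items() if sorted(policy.get(k, [])) != sorted(v)]
    return ["policy WANtoEMS-Telemetry not found"]

print(audit(SAMPLE) or "policy matches the documented values")
```

An empty result means the policy matches the documented values; a widened service list or reduced logging appears as a finding.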