FortiWeb as a Service Onboarding

Introduction

Cloud-native protection for web applications and APIs, delivered as a service from the same public cloud region where you deploy your applications. Available on AWS, Azure, and Google Cloud.

Protect your hosted web applications without deploying and managing infrastructure — let FortiWeb Cloud secure your applications while you focus on delivering business value with your web applications and APIs.

FortiWeb Cloud can be deployed in minutes and uses a machine learning-enabled threat detection engine to block threats without triggering the false positives that drive administrative overhead with other WAF solutions. FortiWeb Cloud’s unique deep learning technology automatically and continuously models the behaviour of your application, enabling you to deploy your latest code into production quickly without the manual tuning required by other WAFs.

Login

Important note
The example screenshots are taken for attendee 1. Replace the # during the exercises with the personal attendee number given to you.
So www1.example.com becomes www13.example.com if you were attendee 13.

Log in to the online WAF-as-a-Service portal (FWBaaS) at https://fortiweb-cloud.com/.
(Note: For this training we are using an MSSP version of FWBaaS. This MSSP version is managed by the CSE Intl. team.)

You will be provided with user credentials to log in as a FortiCloud user via the IAM LOGIN option:

  • Account ID/ Alias = workshop
  • Username = user#
  • Password = Fortinet2020#

Note: The # in the username will be substituted with the number you will be given, e.g. user1, user2, user3 etc. This does not apply to the PASSWORD. Additionally, do not change the password.

Log in with your credentials.

Onboarding your website

  • Click the Add Application Button.

  • Name your Web Application: Web# - # being your given number
  • Domain Name: www#.fortiworkshop.nl where # is your assigned number!

Add your network settings:

  • Enable both HTTP and HTTPS

Select Customise:

  • FQDN= originserver.fortiworkshop.nl
  • Port= 800# - where # is your given number, e.g. 8001 for User1, 8011 for User11
  • Server Protocol= HTTP

  • We won't be enabling CDN for this lab, just select NEXT

  • Enable Blocking Mode
  • Select Save

  • Email the DNS-sage administrator (dns-sage@fortiworkshop.nl), including all the technical details involved, and ask politely to make the CNAME record change for you.
    This part of the exercise is to make you familiar with the steps of DNS-based validation and the CNAME change.
    (The Sage DNS administrator appreciates a nice thank you, or a Gin & Tonic ;-)

  • Select close, your application is now in the "Update Pending" state.

  • Please be patient and wait for the email response informing you about the CNAME change status.
  • Refresh the screen till your DNS status changes to "OK".

  • In the background FWBaaS is generating a certificate. While this key is being created, you can run the following command to observe the deployment of the certificate.

You can use cURL to validate the installed certificate or use the browser to observe.

curl -v https://www#.fortiworkshop.nl

  • You will notice you are provided with a FortiWeb certificate before the official certificate is loaded.

Only continue once you have the official certificate in place!
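
The wait for the official certificate can be scripted. This is an added example, not part of the workshop guide: it classifies captured `curl -v` output. The sample excerpts, the address 203.0.113.10 and the issuer name are constructed placeholders, and the matched wording assumes a curl build that uses the OpenSSL backend.

```shell
#!/bin/sh
# Added example, not from the workshop guide.
# classify_cert HOST: reads `curl -v` output on stdin and prints
#   official - curl verified the chain and matched HOST against the certificate
#   pending  - a certificate was presented but curl did not accept it for HOST
#   unknown  - the input holds no TLS certificate information
classify_cert() {
    awk -v host="$1" '
        /^\* +subject:/ || /SSL certificate problem/ { seen = 1 }
        /SSL certificate verify ok/ { verified = 1 }
        # On success curl names the host it matched against the certificate.
        /^\* +subjectAltName:/ && index($0, "host \"" host "\" matched") { matched = 1 }
        END {
            if (verified && matched) print "official"
            else if (seen) print "pending"
            else print "unknown"
        }'
}

# Live use (needs network): curl writes its verbose output to stderr.
check_live() {
    curl -sv -o /dev/null "https://$1" 2>&1 | classify_cert "$1"
}

# Constructed sample: excerpt while the temporary certificate is still served.
sample_pending() { cat <<'EOF'
* Connected to www1.fortiworkshop.nl (203.0.113.10) port 443
* SSL certificate problem: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate
EOF
}

# Constructed sample: excerpt once a publicly trusted certificate is served.
sample_official() { cat <<'EOF'
* Server certificate:
*  subject: CN=www1.fortiworkshop.nl
*  subjectAltName: host "www1.fortiworkshop.nl" matched cert's "www1.fortiworkshop.nl"
*  issuer: CN=EXAMPLE-PUBLIC-CA (placeholder)
*  SSL certificate verify ok.
EOF
}
```

Run `check_live www#.fortiworkshop.nl` (with your own number) and continue once it prints `official`.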


Dashboard

  • Your Application is now Onboarded and ready for use.
  • Select your onboarded Web# on the FortiWeb-Cloud environment.

FortiWeb-Cloud configures a health check to your origin server, but it is not enabled by default.
It is good practice to health check your origin server, and doing so also lets you observe the latency towards your origin server.

Enable the health check by performing the following steps:

  • Click the Health Check link within the Server Status

  • Edit the Server Balance configuration

  • Enable the Health Check

FortiWeb-Cloud will start the health checking, and the Health Check Status will change to Active within 2 minutes.

You can perform a health check test by selecting the thermometer icon.
You can get the status and elapsed time information.

If you would like to change the health check or change the origin server status you can do so via the edit button.

Your Health Check is now enabled.

You can now progress to the next section.