Task 3: Confirm Linux VMs access via FortiGate

In Task 3, you will confirm the Linux VMs are using the FortiGate NVA as their default route and that all traffic to/from the Linux VMs is going through the FortiGate.

  1. Open the serial consoles for linux-a-vm and linux-b-vm

  2. From the linux-a-vm console, run:

    • ping www.yahoo.com
    • ping 192.168.1.164 (most likely the private IP of linux-b-vm)

    Neither should respond.

  3. From the linux-b-vm console, run:

    • ping www.yahoo.com
    • ping 192.168.1.132 (most likely the private IP of linux-a-vm)

    Neither should respond.

  4. Log in to the FortiGate

  5. Open a CLI session on the FortiGate

  6. Enter the FortiGate CLI command:

    • diagnose sniffer packet port2 'icmp'
  7. Run steps two and three again.

    The ICMP echo request traffic reaches the FortiGate; however, the FortiGate does not have any policies to allow or deny the traffic.
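
One way to check the result of step 7 from a saved copy of the sniffer output, as an added example that is not part of the original lab guide: it pairs ICMP echo requests seen on port2 with echo replies and lists the flows that never got an answer. It assumes the sniffer's default text output format; the capture lines, timestamps and the 198.51.100.10 address are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the sniffer's default (verbosity 1) text format.
# Timestamps are made up; 198.51.100.10 is a documentation address standing
# in for whatever www.yahoo.com resolved to.
SAMPLE = """\
interfaces=[port2]
filters=[icmp]
1.204311 192.168.1.132 -> 198.51.100.10: icmp: echo request
1.305870 192.168.1.132 -> 192.168.1.164: icmp: echo request
2.205102 192.168.1.132 -> 198.51.100.10: icmp: echo request
2.306544 192.168.1.132 -> 192.168.1.164: icmp: echo request
3.410019 192.168.1.164 -> 192.168.1.132: icmp: echo request
"""

ICMP_LINE = re.compile(
    r"^\d+\.\d+\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):\s+icmp:\s+echo\s+"
    r"(?P<kind>request|reply)"
)

def summarize(capture):
    """Count echo requests and replies per (client, target) pair."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = ICMP_LINE.match(line.strip())
        if not m:
            continue  # header lines, blank lines, other ICMP types
        if m["kind"] == "request":
            flows[(m["src"], m["dst"])]["requests"] += 1
        else:
            # A reply travels target -> client, so file it under the request's key.
            flows[(m["dst"], m["src"])]["replies"] += 1
    return dict(flows)

def unanswered(capture):
    """Return (client, target) pairs seen on the interface with no reply."""
    return sorted(k for k, c in summarize(capture).items()
                  if c["requests"] and not c["replies"])

if __name__ == "__main__":
    for client, target in unanswered(SAMPLE):
        print(f"{client} -> {target}: reached FortiGate, no echo reply seen")
```

Every flow listed confirms that the VM's traffic arrived on port2 and was not forwarded and answered, which is the expected state before any firewall policy exists.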
