Organizations big and small had to suddenly accelerate their digital transformation projects last year. The global pandemic catalyzed many businesses to increase their adoption of cloud services to reach customers needing to shop and interact online and support employees working remotely. And with ongoing cloud transformation, some organizations have been better able to focus on application delivery velocity, which directly impacts business outcomes.

However, to capitalize on the business agility this new model offers, some legacy infrastructure operational models—especially those involving manual IT processes—need to transition to a highly automated, self-service model employing a DevOps mindset. In this new approach, infrastructure should be deployed and operated like software code. But such operational agility cannot come at the cost of security or compliance, and vice versa. Instead, the deployment and operation of security should be tied directly to infrastructure automation. 

Fortinet offers a broad, integrated, and automated platform designed to deliver security to any environment, securing data, applications, or services deployed on any cloud. The FortiOS security operating system powers both virtual and physical FortiGate firewalls. This enables the Fortinet Security Fabric to effectively automate the detection and response cycle anywhere in the network at any scale. 

The Fortinet Security Fabric is coordinated through the FortiManager management center, which provides NetOps, SecOps, and DevOps teams with a single-pane-of-glass interface to simplify security orchestration, enforcement, and compliance. Additionally, the FortiGate virtual next-generation firewall can be deployed natively in multiple private and public cloud environments. This provides robust, scalable network security across the distributed network—enabling secure access to cloud-based applications and resources, establishing and maintaining virtual network protection in any cloud, and ensuring consistent and robust network security policies across a multi-cloud environment.

As part of this Security Fabric strategy, Fortinet has now partnered with HashiCorp to deliver a robust security solution integrated directly into their Terraform platform to deliver security as code. Terraform is a powerful, open-source tool. It is cloud and platform agnostic, enabling operations teams to deploy infrastructure as code for cloud, network, security, and application use cases.

The Integration of Terraform and FortiManager

This new integrated solution uses Terraform to automate infrastructure and security deployments, enabling an agile operating model based on Terraform providers for FortiOS and FortiManager. This solution can be used to deploy anything from a single VPC or VNet to complex multi-cloud environments and solutions for on-premises environments.

These Terraform providers enable security teams to use a declarative syntax to deploy security infrastructure as code, in the same way application developers deploy their own infrastructure. This approach lets IT teams transition security into a DevSecOps operating model and insert themselves into the CI/CD pipeline. Security teams can then quickly deploy Day 0 configurations or make iterative changes for Day 1 and Day 2 operations. Resources that can be provisioned, deployed, and managed include device management, IP addresses, DNS, IPsec, trust/untrust zones, firewall policies, and more. Changes pushed into a repository are subsequently picked up by a CI/CD system, which then pushes the updates into the production environment.

Beyond agility, the automated functionality of this solution also limits manually introduced misconfigurations, which can happen quite often in a frequently changing environment, such as cloud operations, thereby reducing the risk of security breaches. Some critical use cases for security-as-code include:

  • Bootstrapped firewall baseline configuration deployed together with applications
  • Firewall provisioning integrated with application lifecycle management
  • Firewall configuration management and testing at scale
  • Consistent firewall protection across hybrid cloud and multi-cloud environments
  • VPN connection from branch or datacenter location to VPN gateway on the cloud

With the new Terraform provider support for FortiManager 6.0 to 7.0, customers can quickly deploy and manage the Fortinet Security Fabric using FortiManager resources. The Fortinet Security Fabric enables coordinated threat detection and policy enforcement across different security layers including cloud service provider security services and other Fortinet and ecosystem partner security solutions. For example, when a threat to a cloud VPC or workload is detected by FortiOS, it can initiate a remediation action from FortiManager, such as a more restrictive access control policy using cloud provider serverless functions. 

The Terraform provider for FortiOS 7.0 provides a common configuration that can be used across all FortiOS versions. FortiOS 6.0, 6.2, 6.4, and 7.0 can all use the provider without the incompatibility issues that result from maintaining multiple provider versions. This is especially beneficial when operating environments include multiple FortiOS versions, saving time and energy for DevOps teams. The solution also supports importing existing configurations from FortiOS into Terraform state, destroying resources, and applying in-place updates. The FortiOS provider offers rich and granular device and security policy configuration, covering 38 categories, 587 resources, and 226 data sources. Provider version 1.13.1 has been installed over 56K times in just over a month.
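The workflow described above, as an added example that is not Fortinet's own code: a minimal FortiOS provider configuration that declares an address object and a single, narrowly scoped, logged allow rule, with the API token injected from the CI/CD runner rather than committed to the repository. The hostname, subnet, interface names, and policy ID are constructed values; resource and attribute names are those published in the fortinetdev/fortios registry documentation and should be checked against the docs for your provider version.

```hcl
terraform {
  required_providers {
    fortios = {
      source = "fortinetdev/fortios"
    }
  }
}

# Supplied as TF_VAR_fortios_token by the pipeline; marked sensitive so it is
# redacted from plan/apply output and never hardcoded in version control.
variable "fortios_token" {
  type      = string
  sensitive = true
}

provider "fortios" {
  hostname = "fortigate.example.internal" # assumed management address
  token    = var.fortios_token
  insecure = "false" # keep TLS certificate verification enabled
}

# Address object for the web tier (constructed subnet)
resource "fortios_firewall_address" "web_tier" {
  name   = "web-tier"
  type   = "ipmask"
  subnet = "10.10.20.0 255.255.255.0"
}

# Explicit allow: HTTPS only, untrusted interface to the web tier, fully logged.
# Anything not matched by an explicit policy falls through to the implicit deny,
# so the reviewed plan is the complete record of what is reachable.
resource "fortios_firewall_policy" "inbound_https" {
  policyid   = 100
  name       = "inbound-https-web-tier"
  action     = "accept"
  schedule   = "always"
  logtraffic = "all"

  srcintf { name = "port1" }
  dstintf { name = "port2" }
  srcaddr { name = "all" }
  dstaddr { name = fortios_firewall_address.web_tier.name }
  service { name = "HTTPS" }
}
```

Running terraform plan in the CI job before apply gives reviewers a diff of every policy change, which is where manually introduced misconfigurations are caught.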

Terraform – Powerful Tools Designed to Efficiently Automate Security

Fortinet’s new Terraform provider modules provide customers with powerful tools designed to efficiently automate security for Day 0-and-beyond operations across cloud and on-premises environments while simplifying the convergence of DevOps and SecOps models. Additionally, its modules enable customers to rapidly reduce operator errors, simplify change management of policies, and reduce risk across the broad attack surface. Security-as-code is another evolution of critical security, delivering flexibility for customers looking to speed up their digital transformation journey across any cloud and any application while maintaining a robust security posture across all environments.

Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.

Resources:
Fortinet Infrastructure Automation Solutions
Using Terraform to deploy a single FortiGate Virtual Firewall
Fortinet Provider Listing on HashiCorp
Fortinet Terraform Provider Registry
GitHub listing of FortiOS Terraform Provider
GitHub listing of FortiManager Terraform Provider

Sourced from Fortinet