La red de Angel

@AZURE 1.1. Create SAML enteprise Applicarion. We will call it Fortigate SSL VPN 1.2.   Define AAD User groups that will have access to the Enterprise Application. Take note of the Object ID as it will use later in the Fortigate firewall. 1.3. Download Enterprise Application's SSL certificate. This will be imported in the Forigate firewall manually on later stage. @FORTIGATE FIREWALL NOTE: Forticlient SSLVPN settings are ignored in this step. 2.1. Import Azure's Enterprise Application SSL certificate on Fortigate Firewall (downloaded in Step 1.3) 2.2.   Create SAML Sign-Sign On group. We will call it ' ssl-azure-saml' 2.3. Create an User Group called 'AAD-SSL-VPN-USERS' pointing to the  Object Id of the and the AAD Group (this can be found in Azure in step 2). This User group will be used in the Firewall Policies in order to filter  2.4 .Create Firewall Policy to restrict traffic to VPN Users AAD group while using the AAD-SSL-VPN-USERS  object. If we wa...

 Requirements Palo Alto VM series firewall on KVM (in my case, hosted in EVE-NG) Terraform.exe file (Downloaded from Terraform official page) Visual Studio Code software Connectivity to Palo Alto machine from the host machine Step 0 - Create a folder to host all Terraform files C:\Users\angel\scripts\paloalto Step 1 - Download terraform.exe file from Official Terraform page  I am using Windows OS for this example but you can use Linux, MAC or other OS types as well Install | Terraform | HashiCorp Developer Extract terraform.exe in folder where all Terraform files are located --> C:\Users\angel\scripts\paloalto Step 2 - Open Visual Studio Code and download the following Terraform related extensions: Terraform Hashicorp Terraform Terraform advanced syntax higlighting Step 3 - Create main.tf on terraform files folder C:\Users\angel\scripts\paloalto\main.tf Step 4 - Edit main.tf with the following basic code. Make sure that indetation is well respected on file terraform { ...