From c7bb8199cc8dca03cecd8b81420d06049ce6a428 Mon Sep 17 00:00:00 2001 From: LeeK Date: Mon, 4 May 2020 15:20:04 -0700 Subject: [PATCH] Update README.md Recommended changes to the README. Farazi's content here --- README.md | 82 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 62 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index e57e6c7..2893c02 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,25 @@ -FortiGate secure remote access with Terraform beta release. +Line 1: # FortiGate secure remote access with Terraform (beta release) -# Deployment +Line 3: ## Requirements +Line 4: This script requires the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest). -> This script requires the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest). +Line 6: # Deployment -1. Login to Azure with `az login`.
-2. Add your Client ID, Subscription ID and Tenant ID to the Terraform vars.tf.
+Line 8: 1. Login to Azure with `az login`. +Line 9: 2. Add your Client ID, Subscription ID and Tenant ID to the Terraform `vars.tf`. 3. Adjust the `remote_subnet` and `remote_subnet_netmask` variables to that of your spoke FortiGate subnet range. The default value is `10.100.81.0`. -4. Run `terraform init`.
-5. Run `terraform apply`.
+Line 11: 4. Run `terraform init`. +Line 12: 5. Run `terraform apply`. -To navigate to your deployed FortiGate use the Public IP address and the default admin port of 8443. +To navigate to your deployed FortiGate use the Public IP address and the default Admin port of 8443. -The default admin username and password can be found in vars.tf under `admin_name` and `admin_password`.
+The default Admin username and password can be found in `vars.tf` under `admin_name` and `admin_password`. -Note: EasyKey from the output will contain configuration that can be applied to Spoke VPN devices for ease of configuration. +> **Note:** For ease of configuration, search for **EasyKey** in the output. It will contain configuration that can be applied to Spoke VPN devices. # Spoke FortiGate Setup - -Once the Terraform deployment is complete, follow the steps below to attach the spoke to the FortiGate Hub + +Once the Terraform deployment is complete, follow the steps below to attach the spoke to the FortiGate hub. 1. Navigate to your spoke FortiGate and open **VPN > IPsec Wizard**. 2. Enter a **Name** for the spoke. @@ -26,22 +27,21 @@ Once the Terraform deployment is complete, follow the steps below to attach the 4. Under **Role**, ensure `Spoke` is selected. 5. Click **Next** and you will be brought to the Authentication tab. -Note: Enter **EasyKey** from the output will contain configuration that can be applied to Spoke VPN devices for ease of configuration.
+> **Note:** For ease of configuration, search for **EasyKey** in the output. It will contain configuration that can be applied to Spoke VPN devices. ![FortiOS Admin Profile](./imgs/easy_key.png) -### Authentication: - -1.Under **Remote IP Address** enter the Public IP address of the FortiGate you deployed. You can find this value in the outputs. You can also run `terraform output` in the deployment folder to see the results again. +### Authentication +1. Under **Remote IP Address** enter the Public IP address of the FortiGate you deployed.
You can find this value in the outputs. Run `terraform output` in the deployment folder to see the results again. 2. The **Outgoing interface** should adjust automatically based on the **Remote IP address** entered. -3. Enter the **Pre-shared key**. This can be found in the vars.tf file under `psk_key`. +3. Enter the **Pre-shared key**. This can be found in the `vars.tf` file under `psk_key`. For EasyKey setup, only the Pre-shared key needs to be entered. ![FortiOS Admin Profile](./imgs/step_2_auth.png) -### Tunnel Interface: +### Tunnel Interface 1. Select an IP address for the SSL VPN tunnel interface. 2. Input the hub tunnel IP address and netmask. 
@@ -62,12 +62,54 @@ For EasyKey setup, only the Pre-shared key needs to be entered. ![FortiOS Admin Profile](./imgs/bring_up_phase_selectors.png) +## SSL VPN Users/Groups creation and configuration guide + +### Create a new local user +> These steps are performed on the FortiOS GUI. + +1. On the navigation bar, select **User & Device > User Definition**. +2. Click **Create New**: + + ![Create New Local User](./imgs/create_new_user.png) + +3. Select **Local User**. +4. Set up credentials for the user. +5. (Optional) Add an **Email address**. +6. Click **Submit**. + +### Create a new User Group +> These steps are performed on the FortiOS GUI. + +1. On the navigation bar, select **User & Device > User Groups**. +2. Click **Create New**: + + ![Create New User Group](./imgs/user_group_selection.png) + +3. Under **Type**, select **Firewall**. +4. Enter the name of the group and select members: + + ![User Group Selection](./imgs/user_group_selection.png) + +5. Click **OK**. + +### Adding a User/User Group to the SSL VPN Policy +> These steps are performed on the FortiOS GUI. + +1. Enter a **Name** for the policy (if not editing). +2. The **Incoming Interface** should be **SSL-VPN tunnel interface (ssl.root)**. +3. Select the desired **Outgoing interface**. +4. Under **Sources**, select addresses and on the **User** tab select the **User** and/or **User group**. +5. Select a **Destination** and **Service**. +6. Click **OK**. + + ![Policy Settings](./imgs/policy_user_selection.png) + # Support Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. -For direct issues, please refer to the [Issues](https://github.com/fortinet/terraform-secure-remote-access/issues) tab of this GitHub project. +For direct issues, please refer to the [Issues](https://github.com/fortinet/terraform-secure-remote-access-beta/issues) tab of this GitHub project. 
For other questions related to this project, contact [github@fortinet.com](mailto:github@fortinet.com). ## License -[License](./LICENSE) © Fortinet Technologies. All rights reserved. +[License](./LICENSE) © Fortinet Technologies. All rights reserved. \ No newline at end of file
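Review bot: the added lines in the first hunk carry literal `Line 1:`, `Line 3:`, `Line 4:`, `Line 6:`, `Line 8:`, `Line 9:`, `Line 11:` and `Line 12:` prefixes (for example `+Line 8: 1. Login to Azure with `az login`.`) that will render as text in the README; strip them before merging. Two smaller points in the same hunk: `## Requirements` is introduced as a second-level heading while the neighbouring `# Deployment` stays first-level, so pick one level for the top-level sections; and because the hunk states that the deployed FortiGate is reached on its public IP over the admin port 8443 with the credentials read from `vars.tf` (`admin_name`, `admin_password`), the Deployment steps should tell the reader to replace the default `admin_password` before running `terraform apply`, and ideally to restrict which sources may reach the admin port.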
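Review bot: the `> **Note:** For ease of configuration, search for **EasyKey** in the output...` added in the second hunk is word-for-word the note added to the Deployment section in the first hunk; keep it in one place (next to the wizard's Authentication step, where the output is actually used, seems the better fit) so the two copies cannot drift apart. In step 3, `This can be found in the `vars.tf` file under `psk_key`` points the reader at a tunnel pre-shared key that ships in a committed file; the step should instruct the reader to set their own `psk_key` value before deployment and enter that value here rather than the repository default. Minor: the continuation `+You can find this value in the outputs. ...` sits on its own unindented line under list item 1; it renders as a lazy continuation, but indenting it keeps the list unambiguous.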
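Review bot: in the `Create a new User Group` steps of the third hunk, step 2 and step 4 both embed `./imgs/user_group_selection.png`, so one of the two screenshots is almost certainly the wrong file; check which image belongs to the **Create New** click. The `Adding a User/User Group to the SSL VPN Policy` subsection, unlike the two before it, never says where in the GUI the policy is created or edited; add a navigation step before `1. Enter a **Name** for the policy (if not editing).` Since step 4 has the reader pick source addresses and the user or group for an SSL-VPN policy, a sentence saying to scope **Sources** and **Destination** to the specific addresses needed rather than a catch-all object would make the guide safer to follow. Two more: the Issues link is changed from `terraform-secure-remote-access` to `terraform-secure-remote-access-beta`, so confirm that repository exists before merging; and the file now ends without a trailing newline (`\ No newline at end of file`), which the original had.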