Fortigate Basic Setup

This guide shows how to apply a basic configuration to a Fortigate firewall. The setup can be used at home or in small business environments and is a good starting point for further configuration. A Fortigate 40C was used for this guide.

Introduction

FortiGate is a network security platform developed by Fortinet. It is a firewall appliance that combines multiple security features and functionalities into a single device. FortiGate firewalls are widely used across industries, from small businesses to large enterprises.

Description
Firewall Protection: FortiGate firewalls offer stateful packet inspection (SPI) and deep packet inspection (DPI) capabilities. They analyze network traffic at the packet level, allowing administrators to define and enforce granular security policies based on protocols, applications, and user identities.
Unified Threat Management (UTM): FortiGate firewalls integrate multiple security technologies into a single device, including antivirus, intrusion prevention system (IPS), web filtering, application control, and data loss prevention (DLP). This consolidated approach simplifies network security management and reduces the need for separate security appliances.
VPN Connectivity: FortiGate firewalls support virtual private network (VPN) connectivity, allowing secure remote access and site-to-site connectivity. They support various VPN protocols, including IPsec, SSL/TLS, and L2TP, ensuring encrypted communication and secure data transfer over untrusted networks.
Advanced Threat Protection: FortiGate firewalls incorporate advanced threat protection mechanisms such as sandboxing, threat intelligence, and machine learning. They can detect and block known malware, as well as identify and analyze unknown threats in a controlled environment before they can impact the network.
Network Segmentation and Virtual Domains: FortiGate firewalls support network segmentation through the use of virtual domains. Virtual domains allow administrators to create multiple logical firewalls within a single physical device, enabling network segmentation for enhanced security and administrative control.
Centralized Management: FortiGate firewalls can be managed centrally through the Fortinet Security Fabric, which provides a unified management interface for configuring, monitoring, and reporting on multiple FortiGate devices. This simplifies network administration and allows for centralized control of security policies across the entire network infrastructure.
Scalability and Performance: FortiGate firewalls are available in various models and sizes to accommodate networks of different scales. They offer high-performance hardware and architecture, ensuring that security services do not adversely impact network performance.

Topology

This topology describes internet connectivity through a home router provided by an internet service provider. The ISP router in this design offers a private network (192.168.1.0/24). Most home users connect their clients (notebooks, TVs, smartphones, etc.) directly to the home router and receive an IP address from its built-in DHCP server. The clients reach the internet through the gateway (192.168.1.254 in this example). To add more security, the Fortigate firewall enables the use of additional subnets, inspects incoming traffic, and translates the IP addresses of all clients to an IP address used by the firewall (port address translation).

Description
The first interface faces the public network or the Internet
The second interface faces the internal network or the private network
The Fortigate firewall acts as a gatekeeper between the public network and the internal network, inspecting and filtering incoming and outgoing traffic
It allows internal users to access the Internet or external networks while enforcing security policies to protect the internal network
The inside network is considered a trusted network and is typically not subjected to the same level of security restrictions as the outside interface

get system status

FGT40C3913030810 # get system status
Version: FortiGate-40C v5.0,build0252,131031 (GA Patch 5)
Virus-DB: 23.00644(2015-01-18 12:07)
Extended DB: 23.00644(2015-01-18 12:06)
IPS-DB: 5.00597(2015-01-16 02:56)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FGT40C3913030810
Botnet DB: 1.00000(2012-05-28 22:51)
BIOS version: 04000009
System Part-Number: P08924-06
Log hard disk: Available
Internal Switch mode: switch
Hostname: FGT40C3913030810
Operation Mode: NAT
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 252
Release Version Information: GA Patch 5
System time: Wed May 10 03:01:57 2023

FGT40C3913030810 #
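
The status output above lists signature databases dated 2012 to 2015 against a system clock in 2023, and an IPS-ETDB entry with a zero version. The following is an added example, not part of the original guide: a small Python check that parses `get system status` output and reports the age of each database relative to the device clock. The function name `audit_status` and the 7-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Lines copied from the session above, trimmed to the fields this check reads.
SAMPLE = """\
Version: FortiGate-40C v5.0,build0252,131031 (GA Patch 5)
Virus-DB: 23.00644(2015-01-18 12:07)
Extended DB: 23.00644(2015-01-18 12:06)
IPS-DB: 5.00597(2015-01-16 02:56)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Botnet DB: 1.00000(2012-05-28 22:51)
System time: Wed May 10 03:01:57 2023
"""

# Matches "<name>DB: <version>(<YYYY-MM-DD HH:MM>)" as printed by the CLI.
DB_LINE = re.compile(r"^(?P<name>[\w\- ]*DB):\s*(?P<ver>[\d.]+)\((?P<ts>[\d\- :]+)\)\s*$")
MAX_AGE_DAYS = 7  # assumed threshold, tune it to your update schedule


def audit_status(text, max_age_days=MAX_AGE_DAYS):
    """Return {db_name: finding} for every signature DB line in the output."""
    lines = [l.strip() for l in text.splitlines()]
    fields = dict(l.split(":", 1) for l in lines if ":" in l)
    # Ages are measured against the device clock, not the auditor's clock.
    now = datetime.strptime(fields["System time"].strip(), "%a %b %d %H:%M:%S %Y")
    findings = {}
    for line in lines:
        m = DB_LINE.match(line)
        if not m:
            continue
        try:
            stamp = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M")
        except ValueError:
            # 2000-00-00 is not a real date: the database was never loaded.
            findings[m["name"]] = "never updated"
            continue
        age = (now - stamp).days
        findings[m["name"]] = f"stale ({age} days)" if age > max_age_days else "ok"
    return findings


if __name__ == "__main__":
    for name, finding in audit_status(SAMPLE).items():
        print(f"{name:12} {finding}")
```

Run it against output captured over SSH or the console. A stale or never-updated database means the antivirus and IPS features described earlier are matching against old signatures.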
