FortiGate Firewall how to - Connecting to the Internet


This second how-to covers setting up the Internet connection through a FortiGate firewall.

Published in: Technology


  1. FORTIGATE FIREWALL HOW TO: CONNECTING TO THE INTERNET www.ipmax.it
  2. NETWORK SETUP: In the following, we will try to connect your LAN to the Internet using a basic setup. The same setup shown in the previous post will be used: port 1 connected to the LAN and port 2 facing the Internet. The configuration uses NAT, a static IP address for the internal interface and a DHCP-assigned address for the external interface. The internal IP address will be 192.168.255.1/24. Diagram labels: External network – to the Internet; Firewall port 2 – bridged to the physical machine network port; FortiGate VM; Firewall port 1 – configured on VMware LAN segment 1; LAN segment 1; Virtual machine with Ethernet port on VMware LAN segment 1.
  3. CONNECTING TO THE INTERNET: It’s good practice to assign a meaningful label to each firewall interface. In this example the “Inside” and “Outside” labels will be used. With your web browser, open https://192.168.255.1 and log in as user admin with no password. Go to System > Network > Interfaces. Double-click on port 1 and start to configure it.
  4. CONNECTING TO THE INTERNET, CONTINUED: Follow the configuration shown to the right. Configure the Alias label and enable the DHCP server in order to assign IP addresses dynamically on the LAN. The interface alias will be shown in all menus and will help you recognize the interface. Save the configuration and go to port 2.
  5. CONNECTING TO THE INTERNET, CONTINUED: Follow the configuration shown to the right. Configure the Alias label and check “Retrieve default gateway from server” in order to receive the default gateway using DHCP. Also check “Override internal DNS” to use the DNS servers retrieved by DHCP.
  6. CONNECTING TO THE INTERNET, CONTINUED: Go to Policy > Policy > Policy and click “Create New”. Follow the configuration shown to the right. Note that a network object has been used to configure the source address. A network object associates a subnet address with an easy-to-remember name; the object must be created manually. In particular, enable NAT between port 1 and port 2 and log all sessions. When applied, this rule will enable the PCs inside the internal LAN to connect to the Internet.
  7. MORE NEEDS? See hints on www.ipmax.it or email your questions to info_ipmax@ipmax.it
  8. IPMAX: IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality/price ratio, and in design, installation, commissioning and operation. IPMAX srl, Via Ponchielli, 4, 20063 Cernusco sul Naviglio (MI) – Italy, +39 02 9290 9171
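
The GUI steps on slides 3 to 6, written as the equivalent FortiOS CLI configuration. This is an added example, not taken from the slides: it assumes FortiOS 5.x keyword names (these can differ between releases), and the DHCP address range and the address object name `LAN_Inside` are assumptions, since the slides show those values only in screenshots.

```fortios
# Added example: interface labels and addressing from slides 2-5.
# port1 = LAN (static), port2 = Internet (DHCP client).
config system interface
    edit "port1"
        set alias "Inside"
        set mode static
        set ip 192.168.255.1 255.255.255.0
    next
    edit "port2"
        set alias "Outside"
        set mode dhcp
        set defaultgw enable
        set dns-server-override enable
    next
end
# DHCP server for the LAN; the start/end range is an assumed value.
config system dhcp server
    edit 1
        set interface "port1"
        set default-gateway 192.168.255.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.255.100
                set end-ip 192.168.255.200
            next
        end
    next
end
# Network object used as the policy source; the name is an assumed value.
config firewall address
    edit "LAN_Inside"
        set subnet 192.168.255.0 255.255.255.0
    next
end
# Outbound policy from slide 6: NAT enabled, all sessions logged.
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "LAN_Inside"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

Restricting `srcaddr` to the LAN object rather than `all` means the policy only matches traffic sourced from 192.168.255.0/24, and `set logtraffic all` records every session the policy accepts, not only those that trigger a security profile.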
