How to perform the initial configuration of a FortiGate Firewall

Published in: Self Improvement, Technology

  2. VIRTUAL LAB

     The FortiGate firewall is available not only as an appliance but also as a virtual machine, the FortiGate VM. The virtual lab below is used in the examples that follow. The scenario is deliberately simple, so it can be used to learn how to configure the FortiGate firewall.

     Lab topology:
       - External network – to the Internet
       - Firewall port 2 – bridged to the physical machine network port
       - FortiGate VM
       - Firewall port 1 – configured on VMware LAN segment 1
       - LAN segment 1
       - Virtual machine with Ethernet port on VMware LAN segment 1
  3. FORTIGATE VM INITIAL CONFIGURATION

     We assume that the reader has already installed the virtual machine on their PC and has generated a valid license. Once the machine has started, it can only be configured through the console, and a login is required. Enter username admin and no password.

     To make the web interface available, some basic commands are required. These commands assign an IP address to the machine and activate the license over the Internet. The license file is downloaded to the machine using TFTP, so a TFTP server must be configured. The IP addresses used in the following are chosen as an example; you are free to change them. Let’s start with the initial configuration!
  4. FORTIGATE VM INITIAL CONFIGURATION CONTINUED

         # On the CLI, configure port 1 (only port 1 is already configured for
         # device management). Port 1 will be connected to the PC used to
         # configure the device and then to the internal network. All ports are
         # already in administrative status up.
         config system interface
             edit port1
                 set ip
         end

         # Now we can leave the console and start to use an SSH terminal.
         # Connect port 1 to your PC Ethernet port and configure the PC with a
         # static IP address on the same subnet you configured on port 1 of the
         # firewall.

         # Now we will configure port 2 to connect it to the Internet. In this
         # case we will use a DHCP configuration as an example.
         config system interface
             edit port2
                 set mode dhcp
                 set defaultgw enable    # We use the default gateway received by DHCP
         end
  5. FORTIGATE VM INITIAL CONFIGURATION CONTINUED

         # If we choose a static IP address instead, the configuration will be:
         config system interface
             edit port2
                 set ip
         end

         # In this case we should configure a static default route.
         config router static
             edit 1
                 set device port2
                 set gateway
         end

         # Then verify the connectivity and the DNS configuration.
         execute ping

         # We download the license file from our TFTP server (with IP address, for example).
         execute restore vmlicense tftp FGVMXXXXXXXXXXXX.lic
  6. FORTIGATE VM INITIAL CONFIGURATION CONTINUED

     Now we can connect to the firewall using the web interface (user admin and no password). The activation process is not immediate, so the following page will be shown. If we want to speed up the process, the following CLI command could be used:

         execute update-now

     When the activation procedure is completed, we will be able to connect to the device’s web interface.
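
The steps above leave the admin account without a password and port 1 open for management, so it is worth checking the resulting configuration before the lab goes any further. The Python sketch below is an added example, not part of the original slides or of any Fortinet tooling: it parses FortiOS `config`/`edit`/`set` blocks and flags an admin entry with no `set password` line, cleartext management protocols in `allowaccess`, and management access on the Internet-facing port. Assumptions: the sample configuration is constructed, a passwordless admin is taken to have no `set password` line in a backup, and port2 is treated as external as in the lab above.

```python
# SAMPLE is constructed for illustration; it is not output from a real device.
SAMPLE = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
config system interface
    edit "port1"
        set allowaccess ping https ssh http
    next
    edit "port2"
        set mode dhcp
        set allowaccess ping https
    next
end
"""
CLEARTEXT = {"http", "telnet"}
MGMT = CLEARTEXT | {"https", "ssh"}

def parse(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    tree, depth, section, entry = {}, 0, None, None
    for raw in text.splitlines():
        # Drop '#' comments and surrounding quotes; blank lines match nothing.
        tok = [t.strip('"') for t in raw.split("#")[0].split()] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and len(tok) > 1 and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def audit(text, external=("port2",)):
    tree, out = parse(text), []
    for name, cfg in tree.get("system admin", {}).items():
        if "password" not in cfg:  # assumption: no line means no password set
            out.append(f"admin '{name}': no password set")
    for name, cfg in tree.get("system interface", {}).items():
        access = set(cfg.get("allowaccess", []))
        out += [f"{name}: cleartext management protocol {p}"
                for p in sorted(access & CLEARTEXT)]
        if name in external and access & MGMT:
            out.append(f"{name}: management access on external port")
    return out
```

Calling `audit()` on a saved configuration returns a list of findings; an empty list means none of the three conditions matched.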
