Basic FortGate Setup

This guide covers the very basics on how to get a brand new FortiGate setup. By basic I mean “How to get internet flowing in and out of your local area network.”

Creating a Direct Connection

When setting up a FortiGate for the first time a connection between a PC and the FortiGate’s management interface needs to be made. Higher end FortiGates will have a dedicated management port as seen below:

While lower end FortiGates will have one of the Ports pre-configured for management access.

Connect a laptop to the management port which should have a DHCP server ready to hand out an IP address. Once your computer has acquired an IP navigate to https://192.168.2.99 in your browser and login with the username admin and leave the password field blank. You should be prompted to change your password:

Setup the WAN Interface

Once you have logged into your FortiGate the first thing we will want to do is setup your WAN interface.

  1. Click the Network Tab
  2. Click Interfaces
  3. Click the physical interface you will use for internet and click Edit

Note: Not all FortiGates will have a port dedicated for a WAN. You may need to pick a port that makes the most logical sense.

On the Edit Interface screen make sure to address the following:

  1. Alias is solely to make tracking rules easier. I recommend naming it after your ISP
  2. Addressing mode should be set to Manual (unless your using a dynamic IP from your ISP)
  3. Enter the IP/Network Mask your ISP assigned you
  4. Check the box next to HTTPS
  5. Check the box next to Ping
  6. Click OK

Note: Checking HTTPS and PING allows you to access the firewall externally and ping it for troubleshooting purposes. If you do not want external access to the firewall you can leave those options unchecked.

Setup LAN Interface

There are a few different ways to setup a LAN. Some people will take a whole group of ports and link them together to create a physical or virtual switch. Personally I do all of my switching on a dedicated core switch so in this tutorial I will be configuring only one port for my local area network.

  1. Click the Network Tab
  2. Click Interfaces
  3. Click the physical interface you will use for internet
  4. Click Edit

On the Edit Interface screen make sure to address the following:

  1. Make sure to set the role of the interface to LAN
  2. As mentioned before, give this port an Alias
  3. Set the addressing mode should be set to Manual
  4. Enter what you would like your Firewall’s internal IP to be
  5. Check the box next to HTTPS
  6. Check the box next to SSH
  7. Check the box next to Ping
  8. Make sure DHCP Server is off
  9. Click OK

Note: If your setting up a very small environment that is not using an AD server you could use the DHCP Server option here to hand out IPs.

Configuring Default Route

After your interfaces are configured navigate to:

  1. Network
  2. Click Static Routes and click Create New
  1. From the Interface drop down menu select your WAN interface
  2. Destination should be 0.0.0.0/0.0.0.0 for a default route
  3. Enter the Gateway Address provided by the ISP
  4. Click OK

At this point the FortiGate should now be communicating with the outside world. As you can see in the image below, I am getting a notification from FortiGate to register my product.

Allowing Outbound Traffic (Quickly)

  1. Click on Policies & Objects
  2. Click on IPv4 Policy and click Create New


On the New Policy screen make sure to address the following:

  1. Give your policy an easy to understand name (without spaces)
  2. Incoming Interface should be the port connected to your local area network
  3. Outgoing Interface should be your WAN
  4. Source should be all
  5. Destination should be all
  6. Schedule should be always
  7. Service should be ALL
  8. Enable NAT
  9. And click OK

At this point you should now have a functioning network. All devices on your LAN will be allowed to access the internet while all inbound traffic will be blocked.

If your site is hosting servers that require outside access such as web servers, surveillance systems, or on premises VOIP system you’ll need to create some objects and more rules but I’ll cover that in a later post.

On one final note if there is one place I frequently see a firewall setup get butchered, it is on the Policies & Objects. Recently I was given the task of cleaning up a firewall that have over 120 rules in place. After a few days of sorting through the madness, I was able to get the firewall rules down to just fifteen. While that might be the most extreme case of excessive firewall rules I have ever come across, it is not uncommon to see around 30 to 45 unneeded rules that are just causing headaches. With that being said you can expect a post that covers firewall rules in greater depth coming very soon.

One response to “Basic FortGate Setup”

  1. Amit says:

    Nice Post, Please keep sharing further configurations of Fortinet, like filtering, VDOM, ETC..

Leave a Reply

Your email address will not be published. Required fields are marked *