Scribd
Upload
102 views9 pages

Initial Working Lab:: Change Hostname

The document provides instructions for initial configuration of a FortiGate firewall, including changing the hostname to FG1, configuring the management interface with IP 1.1.1.100, configuring three interfaces named WAN, LAN and MGMT with different IP addresses, configuring DNS servers, creating a default route, allowing all traffic from LAN to WAN with NAT enabled, and verifying internet access from an internal PC.

Uploaded by

Hai Do
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
102 views9 pages

Initial Working Lab:: Change Hostname

The document provides instructions for initial configuration of a FortiGate firewall, including changing the hostname to FG1, configuring the management interface with IP 1.1.1.100, configuring three interfaces named WAN, LAN and MGMT with different IP addresses, configuring DNS servers, creating a default route, allowing all traffic from LAN to WAN with NAT enabled, and verifying internet access from an internal PC.

Uploaded by

Hai Do
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Initial Working Lab:

Change Hostname
FortiGate-VM64-KVM # config system global
FortiGate-VM64-KVM (global) # set hostname FG1
FortiGate-VM64-KVM (global) # end

Configure Management Interface


FG1 # config system interface
FG1 (interface) # edit port3
FG1 (port3) # set ip 1.1.1.100/8
FG1 (port3) # set allowaccess https http telnet ssh ping
FG1 (port3) # end

Login to FortiGate Firewall type http://1.1.1.100 in any browser.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Configure Interfaces:
Go to Network>Interfaces select port1 Click Edit

In Alias type WAN, change the Address Mode to Manual type IP/Netmask 192.168.8.100/24, in
Administrative access uncheck everything only checked PING leave all the rest of configuration
default and press OK button.

2 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Go to Network>Interfaces select port2 Click Edit

In Alias type LAN, change the Address Mode to Manual type IP/Netmask 192.168.7.100/24, in
Administrative access only checked PING leave all the rest of configuration default & press OK.

3 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Go to Network>Interfaces select port3 Click Edit

In Alias type MGMT, leave all the rest of configuration default and press OK button.

4 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


DNS Configuration:
Go to Network > DNS by default, using Fortinet’s FortiGuard severs are select.

It is possible to specify using different DNS server, click on Specify and enter in primary /
secondary DNS servers. In Primary DNS Server, type the IP address of the primary DNS server
8.8.8.8. In Secondary DNS Server, type the IP address of the secondary DNS server 8.8.4.4. Click
Apply button to save the changes.

Default Route Configuration:


To create a new default route, go to Network > Static Routes and create a static route for ISP.
Set Destination to Subnet and leave the destination IP address set to 0.0.0.0/0.0.0.0. Set
Gateway to the IP address provided by your ISP and Interface to the Internet-facing interface in
my case 192.168.8.2 which my VM8 VMware Workstation Gateway. Set the Interface to the
WAN interface. Press OK to Save the changes.

5 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Go back to Network> Static Routes to see the configure routes, Finally, look like below.

Creating a Policy:
To create a new policy, go to Policy & Objects > IPv4 Policy. Give the policy a Name that
indicates that the policy will be for traffic to the Internet in my case it is Allow-All. Set the
Incoming Interface to LAN and the Outgoing Interface to WAN. Set Source, Destination Address,
Schedule, and Services, as required in this case All. Ensure the Action is set to ACCEPT.
Turn on NAT and select Use Outgoing Interface Address.

6 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Scroll down to view the Logging Options. To view the results later, enable Log Allowed Traffic
and select All Sessions.

Go back to Policy & Objects > IPv4 Policy to see the configure Policy, Finally, look like below.

7 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Configure LAN PC:
Right Click on PC go to Edit config remove # sign and assign static IP and details.

Browse the Internet using the PC on the internal network.

To view information about FortiGate traffic, go to FortiView > Sources. The PC appears on the
list of sources.

8 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


To view information about FortiGate traffic, go to FortiView > Destinations. The appears on the
list of Destinations.

To view information about traffic, Go to FortiView > All Sessions.

T view information about which policy has been used Go to FortiView> Polices

To view information about FortiGate traffic, go to Dashboard > Top Usage LAN/DMZ. That
appears list of top sources and destinations.

9 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

You might also like