Fortigate 200F Basic Configuration Guide

Aug 22, 2024

Fortigate 200F Basic Configuration

Introduction

  • Lecture by Dee Aguero Tech
  • Focus on basic configuration of Fortigate 200F model.

Initial Setup

  1. Change Computer IP Address
    • Must be in the same subnet as Fortigate management port (192.168.1.99).
  2. Access Web Interface
    • Open web browser and enter the management IP.
    • Login: Username - admin, Password - (none).
  3. Configure Device Password
    • Set desired password on first boot or after factory reset.

Device Details

  • Check device information:
    • License, Host Name, Serial Number, Firmware Version (6.2.4), Date & Time, Uptime, IP Address.

Change Host Name

  1. Go to System > Settings.
  2. Input desired host name (usually company name).
  3. Optionally change time zone and idle timeout (set to 30 minutes).

Network Interface Configuration

WAN Interface

  1. Go to Network > Interfaces.
  2. Configure WAN interface (port 15):
    • Remove from hardware switch, set as internet-facing interface.
    • Input ISP-provided IP Address and Netmask.
    • Enable Ping and HTTPS/SSH if required (avoid HTTP and Telnet for security).

LAN Interface

  1. Set alias, role to LAN, addressing mode to manual.
  2. Input desired IP Address and Netmask.
  3. Enable HTTPS, SSH for secure remote access, and DHCP if needed.
    • Avoid static IP conflicts (10.1.1.100 to 10.1.1.254 for DHCP).
    • Use Google DNS or Cloudfare DNS if not hosting own.

Static Route Configuration

  1. Go to Network > Static Route.
  2. Create new route:
    • Subnet: 0.0.0.0/0 (access anything).
    • Gateway IP: ISP router (e.g., 192.168.0.2).
    • Select internet-facing interface.

Policy Configuration

  1. Go to Policy & Objects > IPv4 Policy.
  2. Create "LAN to All" policy:
    • Incoming Interface: LAN.
    • Outgoing Interface: Internet.
    • Source: Internal LAN.
    • Destination: All.
    • Schedule: Always.
    • Services: All.
    • Security Profiles: Default.
    • Note: Ensure a device is plugged into LAN port for testing.

Testing Configuration

  1. After configuring, adjust computer IP to match internal network.
  2. Test connectivity (google.com and fortinet.com).
    • If unable to access, check web filtering settings.

Monitoring Traffic

  1. Go to FortiView to monitor traffic:
    • Check source IP, destination IP, etc.
  2. Use Log & Report to view traffic logs and apply filters.

Per-Service Policies

  1. Clone and edit policies for DNS traffic, HTTP/HTTPS, and Email services.
    • Ensure correct services are assigned for each policy.
  2. Maintain order of policies (top-down).

Security Profiles

  1. Edit security profiles:
    • Antivirus, Web Filter, DNS Profile, Application Control.
    • Block unwanted categories (e.g., adult content, games).
  2. Apply security profiles to relevant policies for enhanced security.

Backup and Restore Configuration

  1. Backup Configuration
    • Go to User Settings > Configuration > Backup.
  2. Restore Configuration
    • Factory reset device if necessary.
    • Use CLI command exe factory reset.
    • Restore using the configuration file.

Conclusion

  • Importance of backing up configuration after changes.
  • Encouragement to like, share, and subscribe for more videos.