FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ckumar_FTNT
Staff
Staff
Article Id 195715

Description


This article provides an example of configuring an interface and policies on a FortiGate.

 

Scope

 

FortiGate.

Solution


Basic Topology.



 
 
Configuring interfaces.
 
  • To edit the Internet-facing interface (in the example, WAN1), go to Network -> Interfaces.
  • Set Role to WAN.
 

 
To determine which Addressing mode.
  • If the ISP provides an IP address, set Addressing mode to Manual and set the IP/Network Mask to that IP address.
  •  If the ISP equipment uses DHCP/PPOE, set Addressing mode to DHCP/PPOE to allow the equipment to assign an IP address to WAN1.
    • Edit the LAN interface, which is called internal on some FortiGate models.
    • Set Role to LAN.
    • Set the Addressing mode to Manual and set the IP/Network Mask to the private IP address to use for the FortiGate.
    <Optional> To assign IP addresses to devices on the internal network, enable DHCP Server.
 
 
 
 
Adding a default route.
 
  • If the Addressing mode is set to DHCP/PPoE then a default route is automatically created with AD as 5 and priority as 1. And can be modified from the interface only. Either GUI can change the distance or Cli can change the distance and priority. From GUI to change the 'distance':

 

adchange.png
 

 From CLI to change 'distance' and 'priority':

 

config system interface

    edit wan1

         set priority 1           <----- Change to desired priority.

         set distance 5          <----- Change to desired distance.

end

 

  • For manual mode, define the default route.
  • Go to Network -> Select Static Routes, select 'Create New' to create a static route
  • Set Gateway to the IP address provided by your ISP and Interface to the Internet-facing interface.
 
 
Creating a policy.
  • To create a new policy, go to Policy & Objects -> IPv4 Policy.
 
 
 
 
 
Now, Browse the Internet using the PC on the internal network.

 

Related article:

Technical Tip: PPPoE interface option not available from GUI