Description
This article provides an example of configuring an interface and policies on a FortiGate.
Scope
FortiGate.
Solution
Basic Topology.
Configuring interfaces.
- To edit the Internet-facing interface (in the example, WAN1), go to Network -> Interfaces.
- Set Role to WAN.
To determine which Addressing mode.
- If the ISP provides an IP address, set Addressing mode to Manual and set the IP/Network Mask to that IP address.
- If the ISP equipment uses DHCP/PPOE, set Addressing mode to DHCP/PPOE to allow the equipment to assign an IP address to WAN1.
- Edit the LAN interface, which is called internal on some FortiGate models.
- Set the Addressing mode to Manual and set the IP/Network Mask to the private IP address to use for the FortiGate.
<Optional> To assign IP addresses to devices on the internal network, enable DHCP Server.
Adding a default route.
- If the Addressing mode is set to DHCP/PPoE then a default route is automatically created with AD as 5 and priority as 1. And can be modified from the interface only. Either GUI can change the distance or Cli can change the distance and priority. From GUI to change the 'distance':
From CLI to change 'distance' and 'priority':
config system interface
edit wan1
set priority 1 <----- Change to desired priority.
set distance 5 <----- Change to desired distance.
end
- For manual mode, define the default route.
- Go to Network -> Select Static Routes, select 'Create New' to create a static route
- Set Gateway to the IP address provided by your ISP and Interface to the Internet-facing interface.
Creating a policy.
- To create a new policy, go to Policy & Objects -> IPv4 Policy.
Now, Browse the Internet using the PC on the internal network.
Related article:
Technical Tip: PPPoE interface option not available from GUI