Basic Configuration of a FortiGate firewall

GUI Based

Basic configuration of a FortiGate firewall from Fortinet is the initial setup required to make the device ready for network security and internet access.

1. Accessing the FortiGate Device

First, you access the FortiGate device by connecting a laptop or PC to its management port. You open a web browser and enter the default IP address (such as 192.168.1.99 or 192.168.1.1). Then you log in using the default username “admin” and set a strong password for security.

2. Configuring Interfaces (WAN & LAN)

You need to configure network interfaces:

  • WAN interface → connects to the internet (set the IP address supplied by the ISP, either via DHCP or as a static IP address)
  • LAN interface → connects to internal network (set private IP like 192.168.10.1)

This step defines how traffic enters and leaves the firewall.

Next, you configure the network interfaces. The WAN interface is connected to the internet provided by the ISP, and the LAN interface is connected to the internal company network. Each interface is assigned an IP address based on the network design.

3. Setting Up Default Route

After that, you set up the default route. This tells the firewall where to send internet-bound traffic. The default gateway is usually the ISP router IP address, and it ensures users inside the network can access the internet.

4. Creating Firewall Policy

Then you create firewall policies. These rules control traffic between LAN and WAN. For example, you allow internal users to access the internet while applying NAT (Network Address Translation) so private IPs can communicate externally.

5. Configuring DHCP Server

After policies, you configure a DHCP server on the LAN interface. This allows connected devices to automatically receive IP addresses, gateway, and DNS settings without manual configuration.

6. DNS Configuration

You also configure DNS settings so users can resolve domain names like google.com into IP addresses. Public DNS servers like Google DNS (8.8.8.8) are commonly used.

7. Basic Security Features

Finally, you enable basic security features such as antivirus, web filtering, and intrusion prevention system (IPS). These features help protect the network from malware, unsafe websites, and cyber attacks.

Basic firewall setup includes:
👉 Interface setup
👉 DNS configuration
👉 Routing
👉 DHCP
👉 Firewall policies
👉 Security features
👉 Testing

FortiGate CLI configuration

1. Login to CLI

You can access FortiGate CLI via console, SSH, or web terminal.

				
login: admin
Password: ******
				
			

2. Configure LAN Interface

Set LAN IP address:

				
config system interface
    edit port1
        set mode static
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https ssh http
        set role lan
    next
end

OR

config system interface
    edit "port1"
        set mode static
        set ip 192.168.10.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "LAN"
    next
end
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.10.99
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 192.168.10.2
                set end-ip 192.168.10.254
            next
        end
    next
end

				
			

3. Configure WAN Interface (Internet)

				
config system interface
    edit port2
        set mode dhcp
        set allowaccess ping https ssh
        set role wan
    next
end
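
The WAN block above leaves HTTPS and SSH administration reachable from the internet side, and the first LAN variant also allows plain HTTP. A tighter variant of the same settings, added here as an example and not part of the original page; the trusted-host range assumes the 192.168.10.0/24 LAN used on this page:

```fortios
config system interface
    edit "port2"
        set mode dhcp
        set allowaccess ping
        set role wan
    next
    edit "port1"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set trusthost1 192.168.10.0 255.255.255.0
    next
end
```

Apply the trusted-host change from a management station inside 192.168.10.0/24 or from the console, since an admin session from any other source address loses access once it is saved.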
				
			

4. Configure Default Route

				
config router static
    edit 1
        set gateway 192.168.1.1
        set device port2
    next
end
				
			

5. Set Global DNS Server

				
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
end
				
			

6. DHCP on LAN Port (Automatic IP)

				
config system dhcp server
    edit 1
        set interface port1
        set dns-service default
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.10.100
                set end-ip 192.168.10.200
            next
        end
    next
end
get system dns
				
			

7. Firewall Policy (LAN to WAN Traffic)

				
config firewall policy
    edit 1
        set name "LAN_TO_INTERNET"
        set srcintf port1
        set dstintf port2
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
        set nat enable
    next
end
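
The GUI walkthrough enables antivirus, web filtering and IPS, but the CLI policy above accepts LAN-to-WAN traffic without any of them. The following is an added example, not part of the original page, that attaches profiles to the same policy 1. The profile names "default" and "certificate-inspection" are assumed to be the factory-default profiles, and logging all traffic is an assumed choice:

```fortios
config firewall policy
    edit 1
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set webfilter-profile "default"
        set ips-sensor "default"
        set logtraffic all
    next
end
show firewall policy 1
```

With certificate inspection only the TLS handshake is examined, so antivirus and IPS see the content of HTTPS sessions only under deep inspection, which requires deploying the FortiGate CA certificate to clients.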
				
			
				
FortiGate Commands

1. Check All Interfaces Status
get system interface

2. Detailed Interface Information
diagnose hardware deviceinfo nic port1

3. Check IP Address List
diagnose ip address list

4. Check Interface Traffic
diagnose netlink interface list

5. Check Link Status (Up/Down)
get system interface physical

6. Ping Test (Connectivity Check)
execute ping 8.8.8.8


7. Traceroute (Path Check)
execute traceroute 8.8.8.8

8. Check Routing Table
get router info routing-table all

9. Check Firewall Policy Hit Count
diagnose firewall iprope show

10. Check NAT Sessions
diagnose sys session list


11. DNS Troubleshooting
execute nslookup google.com

12. Clear Sessions (Fix stuck traffic issues; with no session filter set, this clears every session on the firewall)
diagnose sys session clear

13. Check HA Status
get system ha status