Basic Fortigate Firewall Configuration

If you want to equip your network with an affordable firewall that is easy to administer, Fortigate is the right choice for you. The Fortigate firewall range runs from the 20C to the 5000 series, with chassis models for service provider networks. For a medium company, a Fortigate 200B is powerful enough to handle up to 10,000 concurrent sessions and multiple 100Mbps internet bandwidth. These numbers come from my own real tests, during which the CPU of the firewall went up to 85% and memory utilization went up to 90%. Specs from Fortinet might be different because they state maximum capacity.

Anyway, this tutorial shows you where the firewall resides within your network and how to do a basic configuration so that it works with your network. I will use a Fortigate 200B as the firewall in this tutorial.


Firewall basic knowledge

A firewall will basically have these configuration areas:

  • Interface: where the firewall communicates with other devices in your network. This could be the internal LAN, an extranet, or the internet. Basically, you allocate IP addresses to these interfaces.
  • Routing Table: where to send the packets. You can see a routing table on almost every network-capable device, such as an ADSL router, a wireless router, routers, firewalls, and even your PC (Mac, Windows, Linux, …).
  • Firewall Policy: what type of traffic is allowed or denied to pass through the firewall. This is the main part of a firewall, where you control access per IP/subnet. Advanced firewalls provide policy components that are used to build firewall policies, such as scheduler, bandwidth throttling, address, service, etc.
  • Operation Mode: NAT or Transparent. If you use the Fortigate as a firewall between your private network and a public network, NAT/Route mode is for this situation. If you place the firewall behind another firewall or within your internal network, Transparent mode can be used.
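How the four areas above map onto a FortiOS CLI configuration, as an added example that is not taken from the original tutorial. The port assignments, aliases, IP addresses, the "LAN-net" address object and the ID numbers are all assumptions, and lines starting with # are annotations.

```text
# Constructed example: every name, address and ID below is a placeholder.
# Operation mode: NAT/Route, for a firewall between private and public networks.
config system settings
    set opmode nat
end
# Interfaces: one LAN side, one internet side.
config system interface
    edit "port1"
        set alias "LAN"
        set mode static
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port2"
        set alias "WAN"
        set mode static
        set ip 203.0.113.2 255.255.255.252
        # No https/ssh here: management stays off the internet-facing side.
        set allowaccess ping
    next
end
# Routing table: default route toward the upstream gateway.
config router static
    edit 1
        set device "port2"
        set gateway 203.0.113.1
    next
end
# Policy component: an address object for the internal subnet.
config firewall address
    edit "LAN-net"
        set subnet 192.168.1.0 255.255.255.0
    next
end
# Firewall policy: LAN to internet, limited to named services, with NAT.
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "LAN-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
    next
end
```

Traffic that matches no policy is dropped, so each service the LAN needs has to be listed explicitly in the policy.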

About The Author

Hao Nguyen

Hello! I'm Hao Nguyen and I'm currently working as a Network Engineer for a small firm in Houston. I enjoy writing technical documents and blogs, such as PlanTutorials.com

5 Comments

  1. Riaz says:

    Hello Hao, I am desperately looking for some help with FortiGate-100D. Please can you help. Kindly let me know your email id so that I can connect with you. I want to configure web filtering but I am not getting the list of users from AD in FG. I mean I don't know how to do it. Please please can you help.
    Thanks

    Riaz

  2. MIGUEL says:

    Hi Hao, I am from Mexico City
    I am learning to operate the fortinet 200 with your tutorials…thanks
    so helpful for me
    regards

  3. jit says:

    Hi Hao
    I want to create a policy so that different computers can access different websites, for example
    comp-a can access yahoo.com, rediff.com
    comp-b can access only msn.com, facebook.com

    I have created the source address as the comp IP and the destination address as the website FQDN, but when I browse it shows the web site is blocked

    Pls respond

    • Hao Nguyen says:

      Hi Jit,

      Sorry for my late response. Fortigate is not really for filtering websites based on FQDN. The problem is, behind almost every big website, there are plenty of subdomains that the site will ask the clients to route to. For instance, dell.com, cnn.com will let the clients access multiple different IP address ranges from time to time.

      In this case, I suggest you use an internal proxy server, such as Squid, to control your outgoing web traffic.

      Hope it helps.
      Hao
