How to configure basic protection on Fortigate | LAN-WAN-DMZ

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Hello friend Welcome to my video In this short video I explain how to configure basic security on FortiGate Firewall Your network is divided into 3 roles which are WAN, LAN and DMZ We have an example with a network with a file server In this recipe, you will protect a File server by connecting it to your FortiGate DMZ network. In addition to protecting the File server, the DMZ also protects the rest of the network. Go to network interfaces and edit the DMZ interface This example uses the port3 interface as the DMZ interface, port 1 as LAN interface, port 2 as WAN interface The interface Alias indicates that this is the DMZ interface As well the Role is set to DMZ For enhanced security, disable all Administrative Access options Go to Policy & Objects > Virtual IPs. Create a virtual IPs for FTP access Mapping from the Internet to the DMZ interface Set the interface to the WAN interface External IP set to 0.0.0.0 Mapped IP address, set to the internal IP address of the server you are forwarding to Enable ‘Port forwarding' Select TCP Type in the port you want to forward Go to Policy & Objects > Firewall Policy Create a firewall policy to allow traffic from the LAN to the internet Give the policy and name that indicates that the policy will be for traffic to the internet Set the Incoming Interface to the lan interface and the Outgoing Interface to the Internet-facing interface. Set Source, Destination Address, Schedule, and Services is all Make sure the Action is set to ACCEPT Turn on NAT You can now browse the Internet using any computer that connects to the FortiGate's internal interface Create a second firewall policy to allow FTP traffic from the internal network to the File server Set the Incoming Interface to the lan interface and the Outgoing Interface to the DMZ interface. Set Source, Destination Address, and Schedule is all Set Services is FTP Make sure the Action is set to ACCEPT Turn on NAT You can now access the file server from LAN address Create a third firewall policy to allow FTP traffic from the Internet to the File server Set the Incoming Interface to the WAN interface and the Outgoing Interface to the DMZ interface Set source and schedule is all Add virtual IP as the destination address Set Services is FTP Make sure the action is set to accept Turn on NAT Results Internet users and internal network users can access the File server by the File server's Internet address Internal users can also access the File server using its DMZ address As always if you found this post useful and subscribe to my YouTube channel Help me 500 thousand subscribers

Info

Channel: NETVN

Views: 14,793

Rating: undefined out of 5

Keywords: netvn, net vn, fortigate, fortigate firewall, fortigate firewall tutorial, fortigate basic security configuration, fortigate basic protection configuration, fortigate basic configuration, fortigate basic config, fortigate dmz setup, fortigate dmz, fortigate dmz configuration, fortigate lan wan dmz configuration, fortigate protection your network, how to protect your network with fortigate, how to protect your network with fortinet, fortigate security, how to

Id: iPo7Mwlhuzc

Channel Id: undefined

Length: 5min 32sec (332 seconds)

Published: Thu Sep 16 2021