Basic configuration FortiOS 7.0

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

let's look at some basic configuration using the new 40 os 7. [Music] all right so let's set a basic configuration on my 40 gate running for the os7 the first thing that i will do is to configure the idle timer to 30 minutes and i'll set an admin password scope of a minimum eight characters uh for creating an admin password let's apply that and let's move to administrators let's create a new administrator name it admin 2 and let's set the password now if i'll use a 6 characters only it will pop up and tell me that it must contain 8 characters following the password scope all right now let's set the profile itself to super admin let's uh click ok now if i move again and edit the new admin i can now edit it on my cli on the right pane so let's just set another two factor authentication method which is email so let's set two factor email and let's set email to let's just use forty-eight guru gmail.com or right so that's for the administrator now if i'll use the two-factor authentication let's just do okay so we will refresh the page there it is and now you can see that i have a new method which is an email-based two-factor authentication all right so let's move to uh network let's create our interface let's create a new interface which will be the finance interface by the way when you press those three lines you can actually eliminate the menu so you can have a full screen page so let's set the alias finance roll land let's use https let's also use ping and let's use an ip address of 10.0.5.1 slash 24 and i will use dhcp server but i will only use about 54 so i'll have about 50 ip addresses which is quite enough uh nothing on the advanced dhcp mode known additional dhcp options device detection is enabled which is a good thing traffic shaping we will soon configure traffic shaping okay now let's create a user group for those uh finance users so let's move to users and let's create a user group create new let's name it finance and sorry for that and let's add them from a remote server which is my radio server and i have already created a group there so i'll just name that finance and that's about it so the next thing to do is to create the firewall policy let's name the firewall policy finance out and the incoming interface is our finance our outgoing is our when interface source will be our finance group and all destination also they can actually go anywhere they wish schedule is always service is all we will uh not use a proxy base we will use flow based all right so let's just save it and let's create some security profiles we will disable any exit files from getting into or out from that interface so let's use the block exit and let's create a new exa filter we will use all protocols that are available we will use both uh directions and let's just use the ax and there it is and we will block it from our interface okay so let's just add it up to our firewall policy and let's use it block exit okay all right now let's create our static route network static route let's create a new one all right and let's create a vip object before that we will create a new dmz interface let's name it dmz the role is dmz 10.0.6.1 slash 24 with no dhcp server we can only uh let's only administrate it using ping to check connectivity all right and let's create our vip server so let's create a new virtual ip let's name it server and there let's use a fake external ip and let's map it to our server 10.0.6.7 okay now one of the nicest things is that you can actually create the firewall policy directly from that object so right click on it create firewall policy and let's server in and the incoming interfaces are when interface the outgoing is our dmz source is all and destination is our server let's let's use only http and https as our services now we don't need net all right the last thing that we will do is to set up a new video filter and let's let's block my channel so let's block 40 tip don't do it but in case you need to block a specific youtube channel then use the channel override let's paste the channel id and let's block it now if you'll move to file your firewall policy you will see that you do not see the video filter it only works on proxy mode and using deep ssl inspection so use proxy mode and use deep ssl inspection if you need to block specific youtube channels or restrict vmail sites from mature content

Info

Channel: Forti Tip

Views: 5,557

Rating: undefined out of 5

Keywords: fortigate, fortinet, training, online, support, fortigate 7.0, fortios 7.0, fortios 6.4.4, fortios 7.0 features, fortios 7, fortios 6.4 whats new, fortigate basic configuration, fortigate basic configuration cli, fortigate firewall basic configuration

Id: trDPO4SC3iw

Channel Id: undefined

Length: 8min 4sec (484 seconds)

Published: Sun Apr 04 2021