Fortigate Firewall Configuration Step by Step (FortiOS 7) - PPPoE, PPPoE w/ VLAN, NAT, DHCP & DDNS

Video Statistics and Information

Captions
Hi guys, this is D' IgoroTech. Today we are going to do an actual configuration on this FortiGate 60F with FortiOS version 7. We are going to configure PPPoE, PPPoE with VLAN tagging, DHCP, NAT, VLAN and FortiGuard DDNS. We are not going to use the console; instead we will use the GUI. We will connect a LAN cable to port 1, which is for our LAN interface, and it's currently connected to my laptop. Let's check the LED status: you can see that port 1 is already up. If you are new to my channel, please don't forget to like, share, subscribe and click on the notification bell for more amazing tutorials. Thank you. Let's proceed.

I just factory reset this device. Now open a browser and enter the default IP address, which is 192.168.1.99. Tick Advanced, continue. Every time you factory reset the device, or when it is fresh out of the box, the default username is admin with no password. Click Login. You are required to change the default password; we will set admin as the password for this demo. Now you have to re-login using the new password. We will do this FortiGate setup later, so choose Later. Enable "Don't show again" to disable this pop-up. Here you can see the host name, the serial number, the firmware version, which is 7.0.1, the operation mode, the system time, the uptime and the WAN IP, which is still not yet configured. Also you can see the device license has expired.

Let's configure the host name and time zone. Go to System > Settings. Input your desired host name. Set the time zone depending on your location. Scroll down to the administrative settings. You can leave it all at default or you can change the HTTP and HTTPS port; for this demo we will use 9443 for the HTTPS port. Scroll down; you can change the language and themes. FortiOS 7 has new themes added, and you can choose other themes based on your liking. Also we have these new options, which are the API Preview and Edit in CLI. You can click API Preview to view the changes you're about to save. You can see the host name and also the admin port which we just edited. You have the option to directly edit in CLI from here. Notice that it is all set to default since we haven't clicked Apply yet. Exit the window and click Apply. Now we must re-login using the new HTTPS port, which is 9443. You can simply add a colon and the HTTPS port, which is 9443. If you edit the admin port, every time you access the device you need to add the admin port behind the IP address. Click Login.

Now let's check the interfaces. Go to Network > Interfaces. These are the interfaces and IP addresses configured by default. Let's configure PPPoE without VLAN tagging. We will configure wan1 as our internet-facing interface, or WAN. You can input your desired alias; I usually input the ISP name for reference. Role should be WAN. For the addressing mode choose PPPoE. Now enter the PPPoE details, or the username and password provided by your ISP. For "Retrieve default gateway from server", you can disable this one if you want to manually configure the default route, or you can leave it enabled and there is no need for you to configure the default route. I usually enable this option for PPPoE configurations so that I don't have to create a static route. If your PPPoE is configured on the ISP router, then check my other video tutorial for that. For the distance we can leave it as default; this depends on your requirements. Under administrative access we will enable ping for troubleshooting purposes and HTTPS for GUI or web access. You can also enable SSH if you prefer CLI. Again, you can tick on the API Preview to view the changes. You can see all the changes we are about to apply. Once done, click OK to apply the changes. That's how to configure PPPoE.

Now we are going to configure PPPoE with VLAN tagging, but first we have to remove the configuration on wan1. Assuming it's a fresh install or new device, click Create New and choose Interface. We will give it a name of wan. For the alias we can enter the ISP name, which in my case is Unifi. Type would be VLAN. For the interface we will use wan1. For the VLAN ID you need to input the VLAN ID provided by your ISP. Some ISPs require VLAN tagging; in my case it is VLAN 500. Role should be WAN. For the addressing mode choose PPPoE. Now input the PPPoE details, or the username and password provided by your ISP. Again, I will leave "Retrieve default gateway from server" enabled so that I don't have to manually configure the default route. For the distance we can leave it as default; this depends on the requirements. For the administrative access we will enable ping for troubleshooting purposes, HTTPS for secure GUI or web access, and SSH if you prefer CLI. Again, you can tick API Preview to view the changes we are about to apply. Click OK to apply the changes.

To view the configured VLAN sub-interface, click on the plus sign on the interface on which you configured the VLAN; in my case it is wan1. You can see the VLAN interface. Now let me connect the cable to the wan1 interface. You can see the wan1 interface is now up. Let's now check the VLAN interface. Notice the IP address received; however, I received a private IP address. Maybe I need to reboot my modem, although you can see the PPPoE status is connected.

Next, we will configure the LAN interface. We can simply edit this pre-configured internal interface. You can enter an alias name. We can leave the VLAN ID at default. Notice the interface members. Role would be LAN. For the addressing mode leave it at Manual, since we are going to set the IP address manually. For the IP/Netmask we can change the gateway to 192.168.1.1 with a /24 subnet; this depends on the requirements. An address object for the subnet will be automatically created with the name internal with this IP/Netmask. For the administrative access we will enable ping, HTTPS and SSH access. For the DHCP server we will configure .110 to 254. Again, this all depends on the requirements. Next is the DNS server: you can choose Specify, then enter your internal DNS if you have one, or you can enter the Google DNS. Next is the lease time. It's currently set to seven days by default; this means the DHCP will automatically expire and be renewed every seven days. You can click Advanced if you want to configure DHCP reservations. I suggest you enable device detection so you can view the connected devices and details. Click OK to apply the changes. Now we have to re-login using the new default gateway configured, 192.168.1.1, and the admin port 9443. Let's check the configured LAN interfaces. Going back to the VLAN interface: again, since we enabled "Retrieve default gateway from server", we don't need to configure the default route.

Next, we will configure the firewall policy. Go to Policy & Objects > Firewall Policy. We have this pre-configured policy. You can use this policy if your PPPoE is configured on wan1 without VLAN tagging, or if the PPPoE is configured on the ISP router and you set the IP address manually on this interface. In our case we created a sub-interface for VLAN tagging, so we have to create a new policy and point it to this VLAN interface.

First, we will create the DNS policy. Click Create New. We can give it a name of DNS to make it simple. Incoming interface will be the LAN, or internal. For the outgoing interface we will point it to the VLAN interface which we configured as WAN. Source will be internal; this address was automatically created when we configured the LAN or internal interface. Destination to all, schedule to always, and for the service we will choose DNS. Enable NAT. For the security profiles we will use the default profiles for this demo; you can create a new profile based on your liking. Enable the antivirus; again, we will use default profiles. Enable DNS, since this policy is for DNS, and enable the SSL inspection. Click OK to apply the changes. Notice that we pointed it to the VLAN interface, which in my case is Unifi; we will not point it to wan1.

Next is the HTTP/HTTPS policy. We can copy and paste, then edit, the created policy. To do this, right-click on it, then choose Copy. Right-click again, then you have the option to paste above or below; we will choose below. To edit the policy, click on the pen sign or simply double-click on it. We will give it a name of HTTP HTTPS. Leave the rest at default. We will change the services to HTTP and HTTPS. Enable NAT. Under security profiles we will enable antivirus and web filter, since this policy is for web access. Disable the DNS filter. We can enable the IPS scanning and, lastly, the SSL inspection. You can rename or remove the comments. We can enable the policy or we can enable it later. Click OK to save the policy. We can enable the policy from here: right-click on it, Set Status, then choose Enable.

Next is the email services policy. We can clone and edit the created policy again. Right-click on it, then click Copy; right-click again, then paste below. Double-click to edit the configuration. We will give it a name of Mail. Leave the rest at default. For the services we will choose Email Access under the services group; you can see the members of this group. Under security profiles we will enable antivirus, application control, IPS and, again, the SSL inspection. For "Log allowed traffic" you can choose All Sessions for each policy for troubleshooting purposes. Rename or remove the comments. Click OK to apply the policy. Enable the policy. You can create more policies based on your preference.

Lastly, we will create the internal-to-all policy, or all-to-all policy. We can clone and edit the created policy again. Give it a name of LAN to all. Leave the rest at default. For the services we will change it to ALL. This policy means all internal devices can access anything: no scheduling, and all services are allowed. Enable NAT. Since this is an all-to-all policy, it's better to enable all available security profiles. Click OK to apply the changes. Enable the created policy.

We will create those four basic policies for this demo. The policy rule is that top comes first, so basically traffic will first hit the DNS, then the HTTP/HTTPS, until it reaches the all-to-all policy. You can keep on creating more policies; then, after a few months, depending on the size of the company, you can delete the all-to-all policy if no traffic is hitting it or it is not in use. We can delete the unused policy which is pointing to wan1: right-click on it, then choose Delete Policy. Click OK to proceed. Let's refresh the page. You can now see traffic is passing through.

Let me turn off my Wi-Fi. Now let's check the internet access; we will check "what is my IP". We encountered this issue because the FortiGate UTM license has expired. If the UTM license has expired, then you cannot browse the internet. What you need to do is disable the web filtering until the UTM license has been renewed. To do this, go back to Policy & Objects > Firewall Policy. We have to edit the HTTP/HTTPS policy: under security profiles, disable the web filter. Apply the changes. Now go back to the page, then refresh it again. Now we can browse the internet, and you can see my public IP address. Going back to the firewall policies, you can see the traffic is hitting the DNS and the HTTP/HTTPS policy.

Lastly, we will configure the dynamic DNS, or DDNS. Go to Network > DNS. Enable FortiGuard DDNS. For the interface choose your WAN or internet-facing interface. If the PPPoE is configured on wan1, then choose that interface; however, in our case we configured PPPoE with VLAN tagging, so we will choose the VLAN interface. Enable "Use public IP address" so you can access it anywhere. For the server we have these free servers available; you can choose based on your preference. We will choose fortiddns for this demo. Enter your desired unique location or any word you prefer. If you see the error "domain not available", then choose another word; edit the unique location again until you see it's available. Click Apply. Notice my public IP address beside the DDNS. You can now use the dynamic DNS to access the device anywhere. Even if you reboot the modem or your public IP address has been renewed, you can still use the DDNS to access the device. This is recommended if you did not subscribe to a static or fixed public IP address.

Well, that's all for today's demonstration, and I really hope you liked this video. If you are new to my channel, please don't forget to like, share, subscribe and click on the notification bell for more amazing tutorials. Thank you, and see you in the next video.
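As an added example (not part of the video or its captions): a small Python check over a FortiOS-style configuration export that flags two settings applied in the walkthrough, admin protocols in `allowaccess` on a WAN-role interface and a policy that allows all services to all destinations. The sample config is constructed for illustration, and the parser handles only flat `config`/`edit`/`set` blocks.

```python
import re
# Constructed sample in FortiOS CLI style, mirroring the walkthrough's interfaces and policies.
SAMPLE = '''
config system interface
    edit "wan"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config firewall policy
    edit 1
        set dstaddr "all"
        set service "DNS"
    next
    edit 4
        set dstaddr "all"
        set service "ALL"
    next
end
'''

def parse(text):  # flat parser, nested blocks not handled: {section: {entry: {key: [values]}}}
    out, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            section = out.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None and len(tok) > 1:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return out

def audit(text):
    cfg, findings = parse(text), []
    for name, s in cfg.get("system interface", {}).items():
        exposed = sorted({"http", "https", "ssh", "telnet"} & set(s.get("allowaccess", [])))
        if s.get("role") == ["wan"] and exposed:  # admin login reachable from the internet side
            findings.append(("wan-admin-access", name, exposed))
    for pid, s in cfg.get("firewall policy", {}).items():
        if s.get("dstaddr") == ["all"] and s.get("service") == ["ALL"]:
            findings.append(("all-services-policy", pid, s["service"]))
    return findings
```

Calling `audit(SAMPLE)` reports the `wan` interface and policy 4, while the LAN-side `internal` interface and the DNS policy pass.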
Info
Channel: D' IgoroTech
Views: 4,412
Keywords: fortigate firewall configuration step by step, fortigate pppoe, pppoe with vlan tagging, pppoe with vlan, fortigate firewall basic configuration, fortinet configuration step by step, fortios 7, fortios 7 configuration, pppoe, fortigate, ddns, how to configure fortigate firewall, vlan, how to configure fortigate firewall - youtube.com, how to configure fortigate firewall step by step, configure, fortigate firewall basic configuration - youtube.com, setup fortigate, fortigate dialup
Id: FR14cfl1e1w
Length: 17min 43sec (1063 seconds)
Published: Mon Sep 27 2021