FortiGate Firewall Step by Step Configuration Guide | Basic Configuration, Backup & Restore

Captions
Hello guys, this is D' IgoroTech. Today we are going to go through the very basic FortiGate configuration. We will be using the 200F model, which is the latest release during this time of recording.

First thing we have to do is to change the computer IP address. They must be in the same subnet with the FortiGate 200F management port, which is 192.168.1.99. Now open your web browser and enter the management IP. Log in using the default user account with username admin and no password. In the first boot of the device or after factory reset, you must configure the device password. Enter your desired password. You will have to log in again; enter the username and the new configured password.

In this window you can check the device details: the license, the host name (which we are about to change), the device serial number, the firmware version, which is version 6.2.4, operation mode, date and time, device uptime and the WAN IP address.

Now we will change the host name. To do that, go to System, then select Settings. You can input your desired host name, or usually the company name. You can also change the time zone from here. If you don't like green color then you can change it here; we have some few options, but we will use the default theme for now. You can also change the idle timeout in this window. The idle timeout setting determines how long a session is valid. Let's enter 30 minutes. Once done, click Apply.

We will now configure the network interfaces. Go to Network, then Interfaces. This is where you configure your LAN network and WAN network addresses and this management IP/netmask. We will first configure the WAN interface. From our topology, the port 15 is our WAN interface and it's currently in the hardware switch, so we have to remove it from that group and set it as our internet-facing interface. You can enter your alias as your guide. Set the interface role to WAN, since this is the internet-facing interface. Set the addressing mode to manual and enter the IP/netmask provided by your ISP. If you're planning to access the device from the internet through HTTPS and SSH, and if you want the device to be pingable, then you can enable it here. Do not allow HTTP and Telnet on the internet-facing interface for better security, but this all depends on your personal preferences. Click on OK to save the configuration. From here you can see the IP/netmask we configured and also the enabled administrative access.

We will now proceed to the LAN interface. You can set the alias, set the interface's role to LAN, set the addressing mode to manual and enter the IP/netmask using the IP address you want to assign. For the administrative access you can enable HTTPS access and SSH for secured remote connection. You may enable ping for testing and troubleshooting purposes. Enable DHCP if you plan this device to be your DHCP server, and enter the address range. Remember the DHCP range: you may want to avoid all of the IP addresses between 10.1.1.100 to 10.1.1.254 when you're assigning static IP addresses. For the DNS server, if you host your own DNS or you have Active Directory, then you can enter the IP address; if not, then we will use Google DNS and Cloudflare DNS. You may want to enable device detection. It is intended for devices directly connected to your LAN ports, and this is very useful for troubleshooting. Click on OK to save your configuration.

Let's now configure the static route. Go to Network and select Static Route. We need to create a new route to allow the FortiGate to reach the internet. Choose Subnet and leave it at eight zeros; eight zeros means you can access anything or all. Set the gateway IP to the IP provided by your ISP; in my case it's the ISP router, 192.168.0.2. Select the interface using the internet-facing interface. We will leave the administrative distance as default. Click on OK to save the configuration. From here we can see the new configured route.

Let's now configure the policy. Go to Policy & Objects and select IPv4 Policy. This FortiGate 200F doesn't have any pre-configured policy. We will create a new policy which is all to all. It means the internal network can access everything and can use any protocols at any time: no schedule, no filtering and no restrictions. To do this, click on Create New. Let's give a name of LAN to all. Incoming interface is the LAN or internal network. Outgoing interface is our internet-facing interface. For the source we will add a new address using the internal subnet; name it as local LAN and enter the internal LAN IP/netmask. Destination to all, schedule to always and services to all. For security profiles we are going to use the default profiles. Click on OK to save the configuration.

You can see that there's an error, which is all source interfaces are down. We encountered this issue because we configured the device using the management port and there's no active device plugged into the internal ports. We will now plug in the computer to port one, which is a part of the LAN interfaces, for us to test the configuration. We also have to reconfigure the computer IP address to be in the same subnet with the internal network. Open your browser and enter the LAN default gateway. Enter your username and password.

Let's now test the configuration. Hey, what happened? I will explain one thing: if the FortiGate device is not yet activated or the license has expired, then you are not able to access the internet if the web filtering is enabled. We enabled the web filtering earlier during the configuration; I did it on purpose just for additional review. This was our configuration earlier. Let's now try to disable the web filter profile, then test the configuration again. Now it's working. We can now reach google.com and fortinet.com, and you can see the traffic going out to the internet.

If you want to monitor the traffic for this policy then you can go to FortiView. In this window you can check the source IP or device, destination IP or country, websites, etc. The other way is going to Log & Report and selecting Forward Traffic. You can click on any log you want to view and you can see all the details on the right. Click on Add Filter and from here you have a lot of choices also to select: you can choose source IP or device, destination, users, by policy, etc.

We will now configure the per-service policy, which is recommended and for better security. To do this we can simply copy, paste and edit the policy. Right-click on the policy you want to clone. From here you have a few options, but we will choose Copy for cloning. Now right-click again on the policy and you will have two options to paste, either paste above or below the copied policy. We will have to edit the policy. We will configure first the DNS traffic, so we'll enter the name DNS and leave the rest to default except for the service, which we need to change to DNS. We only need to change the name and the service. Click on OK to save the changes. Now we have to enable the policy.

Next is the HTTP and HTTPS traffic. We can do the same process again. You can name it as HTTP HTTPS. In the service option we need to change to HTTP and HTTPS. Click on OK, now enable the policy. Next we will create another policy for email services. Name it as mail, and for the service we will add the service group Email Access; all of the email services are in this group. You can now enable the policy. Every time we make some change you will see the notification at the bottom. We will create those basic four policies for this demonstration.

For the policy, the rule is top comes first, so first traffic would hit the DNS, then HTTP HTTPS, going down to the bottom. You can create more policies, then watch out for the LAN to all policy. If the traffic is not hitting that policy then you can disable it, maybe few months, depending on the size of the company. Let's do a quick test for google.com and fortinet.com. Great, it's working.

Next, we're going to check the very basic security profiles, since we just used the default profile earlier. Go to Security Profiles. First is antivirus: you can select the default profile and edit it based on your preference. Same goes with the web filter. You can block those adult contents and peer-to-peer file sharing if you want to minimize the downloads. You can check all these other categories. You can edit your DNS profile if you want. For the application control, you can clone and edit the profile you want. You can block the games category, even the social media. If you're not sure what's under that category then you can choose View Signatures to view the application signatures, and you have a lot of options. You can see the Facebook, which is the most visited social media. Click on Apply to save the configuration.

Now we are going to apply those security profiles we just created. We will apply the newly created profile. Enable DNS, since this is for the DNS traffic, and we can disable the application control. For the HTTP HTTPS profile we will enable the antivirus, web filter, application control and SSL inspection. Click on OK to save the configuration. You can edit the email access, and lastly the LAN to all. Since this policy will catch all the remaining traffic, we must enable all security profiles available. You can keep on creating more policies and security profiles, then after a few months of monitoring you can disable this policy. This depends on the size of the organization: the bigger, the more challenging; the smaller, the easier.

We will now proceed to the last process, one of the most and very important processes that can save your life: backup and restore. It is recommended to back up your configuration once you're done configuring the device or every time you make some changes. You will be in a very difficult situation if you don't have a backup configuration. You can also configure the automated backup of the configuration. To back up the config, click on the user at the top, select Configuration and you will have the options to back up, restore and revisions. We will choose Backup. Click on OK to proceed. Now open the downloaded backup file. We will take a look at the file name: IgoroTech is the host name, followed by the year, month and date, and the remaining with the exact time of backup.

Next process is restoring the backup file. For this demonstration we will factory reset the device. During the restoration you have to consider two things: ensure no power interruption, and do not manually reboot your device during the process. To do this, open the CLI and run the command exe factory reset. You will be asked if you want to continue; type y to proceed. The factory reset takes time, but for this FortiGate 200F I'm really surprised by the process. After the reset you need to log in again using the default IP address. Enter the default username with no password, then create a new password for your account. To restore the configuration, click the user at the top, click on Configuration and choose Restore. Now you will locate and upload the configuration file. Enter the password if you have configured it during the backup process; if not, simply click on OK. Wait for the device to finish the process.

That's all for today's demonstration. I really hope you liked this video. If you do, please like, share and subscribe. Also click on the bell button for you to be notified for more upcoming videos. Thank you and see you in the next video.
Info
Channel: D' IgoroTech
Views: 6,095
Keywords: fortigate configuration, fortigate basic configuration, how to configure fortigate, foritgate tutorial, fortigate firewall configuration, fortigate firewall, firewall, fortigate training, fortigate tutorial, configure fortigate, configure, fortigate for beginners, fortigate basic configuration - google.com, how to configure fortigate - google.com, fortigate step by step configuration - google.com, fortigate dhcp, fortigate pppoe, fortinet, fortigate configuration step by step, pppoe
Id: rWGWlPsSwlw
Length: 19min 47sec (1187 seconds)
Published: Fri Jan 15 2021