Hey Everybody! Today, we're going to be going over
the initial setup of this brand new FortiGate 90G. And I’m gonna take you guys along with me. All right,
so we've got this thing unboxed. Nice little desktop form factor. So first off, just ports. We've got our console port,
USB port, we've got shared WAN connection. So you can only use either
the copper port or the SFP slot of either
this slot or the slot. I'm going to be using the Ethernet ports or the copper ports and I'll leave
these stoppers in here for the SFP slots and then you've got a hardware switch here
with ports one through six set for the LAN and then Ports A
and B set up for FortiLink. Just to make things a little easier. If you're using a Fortinet switch,
you've also got this little nub here for the BLE Bluetooth. So you can connect to things
like the FortiExplorer on your phone. I'm not going to be utilizing that,
but it is a nice feature if you're just doing a quick setup
and you want to use your phone. Another nice feature we've got here
is that we've got the two power inputs. There's one power supply,
but you do have two different inputs. So if you've got two different power
sources, then you can still have some redundancy
there. I will note
that it only comes with one power cord, so you're only going to be able
to use one out of the box. You'd have to go and buy
more power cables to be able to utilize the second port. All right, So we've got the FortiGate
set up. I'm hooked up into Port one and I've got
my home Internet hooked into WAN one, nothing else been changed. So we're going to hook into the default
IP address of 192.168.1.99 on HTTPS, and it's going to have cert issue just because the self signed cert,
it's got the default log in here
is going to be admin with no password and then nothing in the old password. And we'll just set the default
or the new password to Fortinet1! as my lab password. We’ll hit okay. And then we'll have to log in again. So the first thing that we're going to see here
is just part of the FortiGate set up. So the first thing is going to be setting up that hostname
and then verifying the dashboard setup once we actually get hooked up
to FortiGuard Labs and get this thing registered,
then we should be able to see that there is an actual firmware upgrade
ready to go. But we'll begin by setting a hostname and call this Gregabyte-90G. Okay. And I'm fine with the optimal
default dashboard setup. I don't really need
the comprehensive one and if I want something, I'm probably going to build my own custom
dashboard within there. Since it's flexible and lets you do that. All right, so this is pretty standard
for a new FortiOS version that pops up and it's going to have a
you know, what's new with this version of FortiOS,
usually just the main train. So this can be for the 7.0, 7.2, 7.4,
and so on. So right now we're in the 7.0 field. Not going to get connectivity
just cause we just have this thing up. It's got other things
that are more important, but I don't really want to see this
again. So we'll hit. Okay, we can see that we do not have FortiCare support registered
right now. We've got an issue over here on our network and we've got some issues
over here in our system. So before we even jump into all of that, let's just quick
take a look at what is even in here. So here's our main dashboard. We see a bit about our system information
on how hot this thing is running as far as CPU and memory and then the
sessions that are going on inside of here, we can even see
the different administrators. So we've got one through our web
and that's our admin, we've got our security fabric. So as we hook up more Fortinet solutions
together inside of that security fabric, we'll start seeing that FortiGate cloud
is one of the ways that we can manage this device and also do logging with it
all of our different licenses. And again, that system information. So first thing,
we'll just go check out the network. And I think I know exactly
what this is going to tell us. So once I go inside of here,
I don't see exactly what that is. There we go. So if I hover over here, we'll see that
the IP address of interface LAN conflicts with the IP address
received by interface WAN1. So that's because my home internet
is actually handing out the same IP space of 192.168.1.0/24. So we're going to go and change our LAN
IP address on this device real quick. So to do that,
we're going to double click into LAN and I'm just going to go over here and we'll change it over from .12. ten. And I'll also update DHCP that it will
give up to also be in the same IP space. So now that I do that,
I'm not going to change anything else. Okay. At the bottom here. And then the only thing
I'm going to have to do is change this over to ten and I'm going to quick reset this port on the FortiGate just so that it hands out
a new IP address. To me that should happen pretty quickly. But I will try and get connected with this new IP address. All right. There we go. So we'll accept that risk and continue and we'll just get logged in again. So now it's had a little bit more time
to actually talk to the Internet. And FortiGuard Labs, it says, Hey,
there is new firmware out there and you should also register this
with FortiCare. So we're going to begin that process. So says, Hey, you're on 7.0.12, really going to care
about the build number usually. And then the last version is 7.0.13. There's even a link to the release notes,
which normally I would highly recommend you do. Look at that and check it out
before you go update it. But I've already done that
and I know that we're good. So we're in review the firmware upgrade. So we see that 7.0.13 is available. Now we get this before
I actually go and upgrade this, I am going to register this to my account,
which I can do right here. You could also have done this
previously up in your support portal, but I like to do this all
just within the device itself. So I'm going to get set up here.
All right. So I've got my username, password,
the country, and then the reseller. That just helps to know
who's supporting this. I did just get this from Fortinet. We're also going to sign into FortiGate Cloud
using the same account and allow administrative logging
using FortiCloud. So I like this
just so that I don't have to go and set up a whole solution
into a different identity provider. I've already got MFA
set up into FortiCloud. Then I can just utilize that same MFA
username and password within my device. Well, okay. And we see it has been registered and is activated with FortiGate Cloud
and now we've got that registered. We're going to hit upgrade here, so we're going to click on this one. It does say that there is, you know,
it can find a valid upgrade path. That's just because this is a newer device
and it didn't come out in the initial release of 7.0.13. It came out in an additional build
version, which I've already checked out. You can check it out
within the release notes here. But the 7121 build
is a good one for this. So we're going to confirm and backup config
this is really important later in life. So six months to a year down the road, when you get a new firmware
that comes out, if you've put in a lot of time and effort
into how this device is configured and say the upgrade does go wrong, having a backup of that config
is going to help you save a lot of time. It doesn't happen often,
but it's a nice little feature in there just to help
you not have to worry about it. So upgrading the firmware, it's
going to cause the system to reboot. And yes, we're fine with that. This is a lab environment,
so we're fine with that. So now we're just going to wait. I think it takes between, you know, 3 to 5 minutes
based on what I'm using. So I see down there in the corner,
although I'm covering it up, is 2:00 right now. So we'll see what time it is
once it's fully updated and rebooted
and we're able to log in again. All right. So it is actually only been 2 minutes now,
but we're already back into the login screen, so I could click to sign in
with FortiCloud. And that's just going to send me over
to the Fortinet support page to log in with my account
that I signed up with. We're just going to continue
using this local login just a little quicker and easier. All right. So now we see this device online. It's registered,
it's got an update version. You'll see this mature tag here at the end
that's just referring to whether or not it's got a whole bunch of new features
or if this is more just around bug fixes. So what's the feature release? Usually that means there are some
larger changes that happened on that. You should definitely
be reading the release notes. Mature means that
not a whole bunch of changes happened should be a really stable release,
so less risk when you're updating to those ones. So we have one remaining error here. If we hover over here,
we'll say we're unable to connect to FortiGuard servers,
but we did just reboot this device, so that may just be a little bit of time
that needs to happen. So I'm going to quick go through a rundown of the different menus here and then
we'll just double check at the end that we're hooked up to FortiGuard Labs
and that'll be it for this video. So first thing
again is going to be these dashboards. So we're looking over the status. We did our talk about what is inside
there, but there is also security, which you'll need
something like a FortiAnalyzer to see some of these different types of things
that are default built into here network,
which can be great for seeing the routing. This will probably update here
in a minute, but you know, I'm using DHCP
off of the LAN interface. Revel system users and devices
as more things get hooked up. And then if we're using Wi-Fi,
we can also see that in their networks,
the big thing is going to be interfaces. So again we can see our FortiLink,
which is just our A and B interface. So this is ports that are set up
specifically to be utilizing for a FortiSwitch. So FortiLink is how those things talk
securely. Then we've got our physical interfaces
of WAN1 and WAN2. So if you want to set up
something like SD-WAN you could do that, then you've got a terminal interface
for now and then you've got your hardware
VLAN switch. So all ports one through
six are just set up as you know,
a mini switch inside of the firewall. So another thing I want to mention
here is going to be the SD-WAN it's another free feature
that's built into all the FortiGate. So you don't need to have a license
for this. So it's a fully fleshed out
SD-WAN solution, even if you don't license
all the security features. One tip on that is going to be
if you're looking to do SD-WAN on this, the first thing
you're going to want to do is actually put some interfaces in an SD-WAN zone. The way that it works later on,
if you haven't done that at the beginning and put them into their own zone,
is that this WAN1 interface is going to be referenced
in a whole bunch of policies and it's going to have issues
because you can't move things around when they're linked
in to different policies. So the next bit is going to be
this firewall policy. By default, we've got an implicit deny down here. We're not logging anything
and we're allowing traffic from the LAN to go out to the LAN and we're not doing any inspection,
but we are doing just UTM logging. So if it does see anything
nefarious, it's going to shut that down and log it. But none of those things are turned on
right now, so there's nothing to really log. A lot of different things here,
but it doesn't really worry about just in the basics security profile. So you're going to see all the different security profiles you can apply to these
different policies. So things like the antivirus,
the big one will be, you know, SSL inspection is huge
because of so much of the internet and applications are encrypted nowadays,
which is great but also means that you can't see it
so you can't really protect it. So turning that on,
you've got to plan for that. It's not something you can just turn on, but it's really important that you do
that. The next one is going to be the VPN. So being able to do IPsec tunnels, especially for things like SD-WAN,
and then even remote access through SSL VPN or IPsec VPN for remote users. Speaking of remote users,
you've got your user definition. You can even hook into
an LDAP group, RADIUS or SAML, or you could just do more local users. And if you don't have MFA today,
I really recommend you getting MFA. But it's nice
that we have free FortiTokens built into each of these devices
so you can import these free trial tokens and they'll just live on the box
themselves. And it's not a token
you can use across multiple devices, but if all you've got
is a couple of firewalls and you want to administer
those from remote locations and you want to put MFA on them, it's
definitely something you should do. So having, you know, two of those
per FortiGate is going to allow you to have two administrator accounts
with MFA turned on them. The Wi-Fi and switch controller
is another free feature within FortiGate. So as license for the AP
or FortiSwitch, you can manage those devices completely within here
not licensed feature. So I've had people who use these simply
you know, set off to the side. They don't want to use it
as their firewall, but they want to use it just as a switch controller
or an access point controller. We've got our system here. So we check out our different app
administrators. We can check out the firmware, we can see the different FortiGuard
security services, which we'll get to that in a second
to make sure that that error goes away. But one nice thing about this
is that, you know, you can do most everything you want to do
in a FortiGate in the UI while still having access to the CLI
within the GUI. But you can also hide things
that you don't want. So for me right now, I'm
not using wireless or switch controller, but I also know that I will want to be able to reference
multiple interfaces within policies. So I'm going to turn that feature on
and I'm not going to look at the switch
in wireless controller for right now. So if we hit apply,
you'll see on the left here that we're going to not see
the switch in wireless controller anymore. And then it's not something that you're going
to see as an additional feature over here. But I am now able to reference multiple interfaces in policies
which currently are by default. You would not be able to do so. Looking over the security fabric, we'll go into fabric connectors here so you can see
we've got a couple different Fortinet solutions that you can help hook together
and have them talk to each other. There is a lot of different things. The security fabric set up, if you got
two FortiGates and a FortiAnalyzer, you've got a security fabric,
which is a pretty basic setup. But I would always recommend somebody have
they're running FortiGates. But then you can do things like setting up
FortiAnalyzer cloud logging, cloud sandbox,
all the FortiClient stuff FortiSandbox. We do have some, you know, visibility
through FortiGate Cloud for management. So all it says FortiManager, it is actually a FortiGate cloud
that's running that. So one thing I am going to turn
on real quick just because it's free and built into it so I wouldn't use
it is going to be this cloud logging. So if FortiGate cloud
will turn this to real time, you get the ability
for seven days of free logging. So even if you don't have FortiAnalyzer set up and running, it's something
that you should definitely be doing because if something happens and you want to check the past
couple of days, the memory on
these devices is not really long. So either putting a hard drive on this
or setting up cloud logging or if you really want to,
you can set up FortiAnalyzer for logs off to a syslog
server or SIEM server. But this is a great first step. I love that
it's a free edition inside of here. So the last thing inside of here
is going to be your logging and reporting. Right now we don't have any
logging really happening, as I talked about in the policies,
the default deny is not going to log and then the default out from LAN to WAN
is only going to log for UTM events, but we have no security
profiles turned on that policy. So there's nothing
that's going to log right now. But if you want to dig into
the different types of reports and logging that you want to look at,
you can do that right there. All right. So wrapping this up,
let's look at that FortiGuard. It looks like it's still saying that we're unable to connect, so
we're just going to force an update there. So it was sent
should update in a few minutes. Looks like the transfer some traffic
but was not really talking great. So I'm just going to refresh this. All right. Well, while that is updating,
I just realized that this time here has already happened. So that tells me that
we are in the wrong time zone. Which one of those things
that I would also set up pretty early on. So system settings is we're using NTP, but we are traditionally set to Pacific
Time and I'm over here in Eastern Time, so we're going to set that
and we're going to apply. So if we go back into FortiGuard now, we can see at least that, you know,
it's going to update again in 15 minutes. I want that to happen a little sooner. So I'm going to here
update those licenses right now. All right. So now it looks like we are finally
talking. It's happy. So as you know, hey,
these are still pending. More than likely this is going to pop up that they are not
actually registered right now. So if I wanted to,
I go into my support portal and go apply those, or I could enter those codes
right here and using my account that I already linked this to, it's
going to push that back up to FortiCloud. One other thing that I like to turn on
is improving the IPS quality. So this is just going to be able to send those attack characteristics
to FortiGuard servers, and that's just going to help
everybody get a little bit more secure. So that's one thing I like to do is play. All right. So that is just a quick run through of, you know, setting up a device,
setting a few settings. We're going to go into each of
these areas a lot more in future videos. But I just want to thank you for watching
and we'll see you next time. Thanks.