Unboxing and Configuring FortiGate Firewall 200F | Basic FortiGate Configuration | Latest Release 🔥

Captions
Hi guys, this is D' IgoroTech, and today we are going to unbox this FortiGate 200F device. We will go through the very basic configuration afterwards. If you have some corrections or suggestions, feel free to drop your comments below. Note: this video is for demonstration purposes only.

Again, we are going to unbox first this legendary 200F. Yes, 200F. I'd been eager to check out the amazing new features. Anyways, we are about to check all of that.

Even during COVID-19, Fortinet is constantly updating its portfolio. They just released this FortiGate 200F, which replaces the legendary 200E model. The FortiGate 200F series delivers next-generation firewall, or NGFW, capabilities for mid-size to large enterprises deployed at the campus or enterprise branch level. It protects against cyber threats with high-powered security processors for optimized network performance, security efficacy and deep visibility.

We will take a look at all of these items one by one in a minute. Okay, so these are all of the items included in the box. Let's now check them one by one. First is this console cable. I'm amazed by this new type of console cable with the Fortinet logo on it. You can buy this online for around 10 US dollars. Next is the Ethernet cable. The power supply: redundancy is essential in the operation of mission-critical networks. It is designed to increase network availability and uptime. They provide power to supported Fortinet devices should the internal power supply fail. You have these mounting hardwares, and lastly these quick start guides.

Now let's take a look at the device. This is the front view, the back, where you can check your barcode and serial number, and the bottom, where you can check your device model. Let's now install the mounting hardwares.

Let's have a quick review on the interfaces: Gigabit Ethernet RJ45 high availability and management ports, 16 Gigabit Ethernet RJ45 ports, two 10 Gigabit Ethernet SFP slots, 10 Gigabit Ethernet SFP+ FortiLink slots, eight
Gigabit Ethernet SFP slots, one USB port 3.0, 1 console port and 480 gigabyte SSD. At the back of the device we can see the dual AC line. Firewall throughput of 27 gigabyte per second; if set up IPS only, then it has five gigabyte per second; NGFW has 3.5 gigabyte per second; and with threat protection enabled it has gigabyte per second.

Let's now plug in the power adapter, the console cable, our computer to the management port, and port 15 for the WAN. This would be our topology. Now let's power on the device. I've noticed the power LED indicator is red, compared to the older model, which is green.

First thing we have to do is to change the computer IP address. They must be in the same subnet with the FortiGate 200F management port, which is 192.168.1.99. Now open your web browser and enter the management IP. Log in using the default user account with username admin and no password. In the first boot of the device, or after factory reset, you must configure the device password. Enter your desired password. You will have to log in again. Enter the username and the new configured password.

In this window you can check the device details: the license, the host name, which we are about to change, the device serial number, the firmware version, which is version 6.2.4, operation mode, date and time, device uptime and the WAN IP address.

Now we will change the host name. To do that, go to System, then select Settings. You can input your desired host name, or usually the company name. You can also change the time zone on this page. If you don't like the green color, then you can change it here. We have a few options, but we will use the default theme for now. You can also change the idle timeout in this window. The idle timeout setting determines how long a session is valid. Let's enter 30 minutes. Once done, click Apply.

We will now configure the network interfaces. Go to Network, then Interfaces. This is where you configure your LAN network and WAN network addresses and this management
IP/netmask. We will first configure the WAN interface. From our topology, port 15 is our WAN interface, and it's currently in the hardware switch, so we have to remove it from that group and set it as our internet-facing interface. You can enter your alias as your guide. Set the interface role to WAN, since this is the internet-facing interface. Set the addressing mode to Manual and enter the IP/netmask provided by your ISP.

If you're planning to access the device from the internet through HTTPS and SSH, and if you want the device to be pingable, then you can enable it here. Do not allow HTTP and Telnet on the internet-facing interface, for better security, but this all depends on your personal preferences. Click on OK to save the configuration. From here you can see the IP/netmask we configured and also the enabled administrative access.

We will now proceed to the LAN interface. You can set the alias. Set the interface's role to LAN. Set the addressing mode to Manual and enter the IP/netmask using the IP address you want to assign. For the administrative access, you can enable HTTPS access, SSH for secured remote connection; you may enable ping for testing and troubleshooting purposes. Enable DHCP if you plan this device to be your DHCP server. Enter the address range. Remember the DHCP range: you will want to avoid all of the IP addresses between 10.1.1.100 to 10.1.1.254 when you're assigning static IP address. For the DNS server, if you host your own DNS or you have Active Directory, then you can enter the IP address. If not, then we will use Google DNS and Cloudflare DNS. You may want to enable device detection. It is intended for devices directly connected to your LAN ports. This is very useful for troubleshooting. Click on OK to save your configuration.

Let's now configure the static route. Go to Network and select Static Route. We need to create a new route to allow the FortiGate to reach the internet. Choose Subnet and leave it to eight zeros. Eight zeros means you can access
anything or all. Set the gateway IP to the IP provided by your ISP; in my case it's the ISP router, 192.168.0.2. Select the interface using the internet-facing interface. We will leave the administrative distance as default. Click on OK to save the configuration. From here we can see the new configured route.

Let's now configure the policy. Go to Policy and Objects and select IPv4 Policy. This FortiGate 200F doesn't have any preconfigured policy. We will create a new policy which is all to all. It means the internal network can access everything and can use any protocols at any time: no schedule, no filtering and no restrictions. To do this, click on Create New. Let's give a name of LAN to all. Incoming interface is the LAN or internal network. Outgoing interface is our internet-facing interface. For the source we will add a new address using the internal subnet. Name it as local LAN. Enter the internal LAN IP/netmask. Destination to all, schedule to always and services to all. For security profiles we are going to use the default profiles. Click on OK to save the configuration.

You can see that there's an error, which is all source interfaces are down. We encountered this issue because we configured the device using the management port and there's no active device plugged into internal ports. We will now plug in the computer to port 1, which is a part of the LAN interfaces, for us to test the configuration. We also have to reconfigure the computer IP address to be in the same subnet with the internal network. Open your browser and enter the LAN default gateway. Enter your username and password.

Let's now test the configuration. Hey, what happened? I will explain one thing. If the FortiGate device is not yet activated or the license has expired, then you are not able to access the internet if the web filtering is enabled. We enabled the web filtering earlier during the configuration. I did it on purpose, just for additional review. This was our
configuration earlier. Let's now try to disable the web filter profile, then test the configuration again. Now it's working. We can now reach google.com and fortinet.com. You can see the traffic going out to the internet.

If you want to monitor the traffic for this policy, then you can go to FortiView. In this window you can check the source IP or device, destination IP or country, websites, etc. The other way is going to Log and Report and select Forward Traffic. You can click on any log you want to view and you can see all the details on the right. Click on Add Filter, and from here you have a lot of choices also to select. You can choose source IP or device, destination, users, by policy, etc.

We will now configure the per-service policy, which is recommended and for better security. To do this we can simply copy, paste and edit the policy. Right-click on the policy you want to clone. From here you have a few options, but we will choose Copy for cloning. Now right-click again on the policy and you will have two options to paste, either paste above or below the copied policy. We will have to edit the policy. We will configure first the DNS traffic, so we'll enter the name DNS. Leave the rest to default except for the service; we need to change it to DNS. We only need to change the name and the service. Click on OK to save the changes. Now we have to enable the policy.

Next is the HTTP and HTTPS traffic. We can do the same process again. You can name it as HTTP HTTPS. In the service option we need to change to HTTP and HTTPS. Click on OK. Now enable the policy. Next we will create another policy for email services. Name it as mail, and for the service we will add the service group Email Access. All of the email services are in this group. You can now enable the policy. Every time we make some change, you will see the notification at the bottom. We will create those basic four policies for this demonstration. For the policy, the rule is top comes first, so first traffic would
hit the DNS, then HTTP HTTPS, going down to the bottom. You can create more policies, then watch out for the LAN to all policy. If the traffic is not hitting that policy, then you can disable it, maybe in a few months, depending on the size of the company. Let's do a quick test for google.com and fortinet.com. Great, it's working.

We will do a quick review on the FortiGuard DDNS. If your external IP address changes regularly and you have a static domain name, you can configure the external interface to use a dynamic DNS service. This ensures that external users and customers can always connect to your company firewall anytime, anywhere, using the dynamic DNS. To do this, go to Network, DNS. Enable FortiGuard DDNS. Select the internet-facing interface. Since the PPPoE is configured on the ISP router, we need to enable Use Public IP Address. Enter your unique DDNS or organization name. You can now share the domain name to external users and customers and they can connect to your company firewall.

Next, we're going to check the very basic security profiles, since we just used the default profile earlier. Go to Security Profile. First is antivirus. You can select the default profile and edit it based on your preference. Same goes with the web filter. You can block those adult contents, peer-to-peer file sharing if you want to minimize the downloads. You can check all these other categories. You can edit your DNS profile if you want. For the application control, you can clone and edit the profile you want. You can block the games category, even the social media. If you're not sure what's under that category, then you can choose View Signatures to view the application signatures, and you have a lot of options. You can see Facebook, which is the most visited social media. Click on Apply to save the configuration.

Now we are going to apply those security profiles we just created. We will apply the new created profile. Enable DNS, since this is for the DNS traffic, and we can
disable the application control. For the HTTP HTTPS profile we will enable the antivirus, web filter, application control and SSL inspection. Click on OK to save the configuration. You can edit the email access, and lastly the LAN to all. Since this policy will catch all the remaining traffic, then we must enable all security profiles available. You can keep on creating more policies and security profiles, then after a few months of monitoring you can disable this policy. This depends on the size of the organization: the bigger, the more challenging; the smaller, the easier.

We will now proceed to the last process, one of the most important processes, that can save your life: backup and restore. It is recommended to back up your configuration once you're done configuring the device or every time you make some changes. You will be in a very difficult situation if you don't have a backup configuration. You can also configure the automated backup of the configuration. To back up the config, click on the user at the top, select Configuration, and you will have the option to backup, restore and revisions. We will choose Backup. Click on OK to proceed. Now open the downloaded backup file. We will take a look at the file name: IgoroTech is the host name, followed by the year, month and date, and the remaining with the exact time of backup.

Next process is restoring the backup file. For this demonstration we will factory reset the device. During the restoration you have to consider two things: ensure no power interruption, and do not manually reboot your device during the process. To do this, open the CLI and run the command exe factory reset. You will be asked if you want to continue. Type y to proceed. The factory reset takes time, but for this FortiGate 200F I'm really surprised by the process. After reset you need to log in again using the default IP address. Enter the default username with no password, then create a new password for your account. To restore the configuration, click the user at
the top, click on Configuration and choose Restore. Now you will locate and upload the configuration file. Enter the password if you have configured it during the backup process; if not, simply click on OK. Wait for it to finish the restoration.

That's all for today's demonstration, and I hope you like this video. If you do, please like, click the notification bell and subscribe for more upcoming videos. Thank you, and see you in the next video.
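
The top-down, first-match policy order described in the captions, and the advice to watch the LAN to all policy before disabling it, modelled as an added example (not from the video and not FortiOS code). The 10.1.1.0/24 subnet, the port sets and the sample flows are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed model of the four policies from the video, in list order.
# Port sets are simplified assumptions, not FortiOS's predefined service objects.
LOCAL_LAN = ip_network("10.1.1.0/24")  # assumed subnet for the "local LAN" address
POLICIES = [
    {"name": "DNS", "services": {("udp", 53), ("tcp", 53)}},
    {"name": "HTTP-HTTPS", "services": {("tcp", 80), ("tcp", 443)}},
    {"name": "Mail", "services": {("tcp", p) for p in (25, 110, 143, 465, 587, 993, 995)}},
    {"name": "LAN to all", "services": None},  # None stands for service ALL
]

def match(flow, policies=POLICIES):
    """Return the first policy, top to bottom, whose source and service match."""
    proto, dport = flow["proto"], flow["dport"]
    if ip_address(flow["src"]) in LOCAL_LAN:
        for policy in policies:
            if policy["services"] is None or (proto, dport) in policy["services"]:
                return policy["name"]
    return "implicit deny"  # nothing matched

def catch_all_report(flows, catch_all="LAN to all", policies=POLICIES):
    """Hits per policy, plus the services that still land on the catch-all."""
    hits, leftover = Counter(), Counter()
    for flow in flows:
        name = match(flow, policies)
        hits[name] += 1
        if name == catch_all:
            leftover[(flow["proto"], flow["dport"])] += 1
    return hits, leftover

# Constructed flows standing in for an export of forward traffic logs.
SAMPLE_FLOWS = [
    {"src": "10.1.1.101", "proto": "udp", "dport": 53},
    {"src": "10.1.1.101", "proto": "tcp", "dport": 443},
    {"src": "10.1.1.102", "proto": "tcp", "dport": 80},
    {"src": "10.1.1.103", "proto": "tcp", "dport": 993},
    {"src": "10.1.1.104", "proto": "udp", "dport": 123},
    {"src": "10.1.1.104", "proto": "tcp", "dport": 22},
    {"src": "10.1.1.104", "proto": "udp", "dport": 123},
    {"src": "192.168.1.50", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    hits, leftover = catch_all_report(SAMPLE_FLOWS)
    print(dict(hits))
    print("Still relying on the catch-all:", dict(leftover))
    # With the catch-all moved to the top, the per-service policies never match.
    reordered = [POLICIES[-1]] + POLICIES[:-1]
    print(dict(catch_all_report(SAMPLE_FLOWS, policies=reordered)[0]))
```

Each service left in the second counter needs its own policy before the catch-all can be disabled without dropping that traffic.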
Info
Channel: D' IgoroTech
Views: 19,547
Keywords: fortinet fortigate, fortigate basic configuration, fortigate configuration, fortigate configuration for beginners, how to configure fortigate firewall, fortigate firewall configuration, fortigate backup configuration, fortigate restore configuration, fortigate tutorials, tutorials for fortigate, fortigate tutorial for beginners, configuration, fortigate firewall, fortigate latest release, fortinet, fortinet configuration step by step, fortinet step by step, pppoe, unboxing fortinet
Id: qDJH9Jq5K8U
Length: 25min 22sec (1522 seconds)
Published: Wed Jan 13 2021