
Articles from Plain Tutorials

Basic Fortigate Firewall Configuration


2012-05-01 09:05:56 Hao Nguyen

If you want to equip your network with an affordable firewall and easy
administration, Fortigate is a right choice for you. Fortigate firewalls range
from the 20C to the 5000 series with chassis for service provider networks. For a
medium company, a Fortigate 200B is powerful enough to handle up to 10,000
concurrent sessions and multiple 100Mbps internet bandwidth. These
numbers are facts from my personal real tests; the CPU of the firewall went
up to 85% and memory utilization went up to 90%. Specs from Fortinet might be
different because those are maximum capacity. Anyway, this tutorial is to show you
where the firewall resides within your network, and how to basically configure it
to work with your network. I will use a Fortigate 200B as the firewall in this
tutorial.

Content at a glance
Firewall basic knowledge
Where to place the firewall?
Connecting to Fortigate for the first time
Configuring network interfaces
Configuring Routing Table
Configuring Firewall Policy

Firewall basic knowledge


A firewall basically will have these configurations:
Interface: where the firewall communicates with other devices in your
network. This could be the internal LAN, an extranet, or the internet. Basically you
will allocate IP addresses for these interfaces.
Routing Table: where to send the packets to. You can see a routing
table on almost every network-capable device, such as an ADSL
router, wireless router, routers, firewall, and even on your PC (Mac,
Windows, Linux, ...).
Firewall Policy: what type of traffic is allowed or denied to pass through
the firewall. This is the main part of a firewall, where you can control
access per IP/subnet. On advanced firewalls, you will find policy
components that are used to build a firewall policy, such as scheduler,
bandwidth throttling, address, service, etc.
Operation Mode: NAT or Transparent. If you use the Fortigate as a
firewall between your private network and a public network, NAT/Route is
for this situation. If you place the firewall behind another firewall or within
your internal network, Transparent mode could be used.
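
How the interface, routing table and firewall policy fit together for one packet in NAT/Route mode, as an added example that is not part of the original tutorial. The interface names, addresses, routes and policies are constructed sample values, and the policy list is modelled as top-down first match ending in an implicit deny.

```python
import ipaddress

# Constructed sample configuration (assumed names and addresses, not from the tutorial).
# Routing table: (destination prefix, gateway or None if directly connected, egress interface)
ROUTES = [
    ("192.168.1.0/24", None, "internal"),
    ("203.0.113.0/30", None, "wan1"),
    ("0.0.0.0/0", "203.0.113.1", "wan1"),   # default route to the ISP
]

# Firewall policies, evaluated top to bottom; the first match decides.
# "ports": None means any destination port.
POLICIES = [
    {"id": 1, "srcintf": "internal", "dstintf": "wan1",
     "src": "192.168.1.50/32", "dst": "0.0.0.0/0", "ports": None, "action": "deny"},
    {"id": 2, "srcintf": "internal", "dstintf": "wan1",
     "src": "192.168.1.0/24", "dst": "0.0.0.0/0", "ports": {80, 443}, "action": "accept"},
]


def lookup_route(dst_ip):
    """Longest-prefix match: the most specific route containing dst_ip wins."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(prefix), gw, dev)
               for prefix, gw, dev in ROUTES
               if dst in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def evaluate(srcintf, src_ip, dst_ip, dst_port):
    """Return (action, reason) for a packet arriving on interface srcintf."""
    route = lookup_route(dst_ip)
    if route is None:
        return ("drop", "no route")
    dstintf = route[2]                      # the routing table picks the egress interface
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in POLICIES:
        if (p["srcintf"] == srcintf and p["dstintf"] == dstintf
                and src in ipaddress.ip_network(p["src"])
                and dst in ipaddress.ip_network(p["dst"])
                and (p["ports"] is None or dst_port in p["ports"])):
            return (p["action"], "policy %d" % p["id"])
    return ("deny", "implicit deny")        # nothing matched: traffic is not allowed


if __name__ == "__main__":
    print(evaluate("internal", "192.168.1.10", "198.51.100.7", 443))
    print(evaluate("wan1", "198.51.100.7", "192.168.1.10", 443))
```

Policy 1 sits above policy 2 on purpose: swapping them would let 192.168.1.50 out on ports 80 and 443, which is why policy order is worth reviewing whenever a rule is added.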
