Scribd
Upload
360 views

How To Setup FortiGate Firewall To Access Manual

In NAT/Route mode, a FortiGate unit acts as a gateway between private and public networks, hiding private IP addresses using NAT. This allows restricted access to the Internet. Two policies are created - a general policy allowing only basic services, and an administrator PC policy allowing unrestricted access. The configuration is tested by accessing the Internet from both admin and regular PCs to monitor policy counters.

Uploaded by

harish shinhan
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
360 views

How To Setup FortiGate Firewall To Access Manual

In NAT/Route mode, a FortiGate unit acts as a gateway between private and public networks, hiding private IP addresses using NAT. This allows restricted access to the Internet. Two policies are created - a general policy allowing only basic services, and an administrator PC policy allowing unrestricted access. The configuration is tested by accessing the Internet from both admin and regular PCs to monitor policy counters.

Uploaded by

harish shinhan
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

How to Setup FortiGate Firewall To Access

The Internet

In this case, NAT/Route mode is used which allows FortiGate to hide the IP addresses of the private network
using network address translation (NAT).

NAT mode is the most commonly used operating mode for a FortiGate.
Transparent vs NAT/Route mode

A FortiGate unit can operate in one of two modes: Transparent or NAT/Route mode.

In Transparent mode, the FortiGate is installed between the internal network and the router. In this mode, the
FortiGate does not make any changes to IP addresses and only applies security scanning to traffic. When a
FortiGate is added to a network in Transparent mode, no network changes are required, except to provide the
FortiGate with a management IP address. Transparent mode is used primarily when there is a need to increase
network protection but changing the configuration of the network itself is impractical.

In NAT/Route mode, a FortiGate unit is installed as a gateway or router between two networks. This allows the
FortiGate to hide the IP addresses of the private network using network address translation (NAT).

More at: https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/421070/installing-a-fortigate-in-nat-mode


Login to the FortiGate’s web-based manager

Log in using an admin account. The default admin account has the username admin and no password.
Configure the internal and WAN interfaces

Go to system –> Network –> Interfaces


Configure the WAN interface

Configure the internal interface

In this case DHCP is enabled


In the MAC Address Access Control List, assign the mac address and IP address of the administrator PC
Review the Configuration
Configure default route at

Router –> Static –> Static Routes

Set the Destination IP/Mask to 0.0.0.0/0.0.0.0, the Device to the Internet-facing interface, and the Gateway to the
gateway (or default route) provided by your ISP or to the next hop router, depending on your network
requirements.
Review configuration
Configure DNS Setting

you can keep the default if you want to


Configure Policies

Two policies are created in this scenario


1. General policy – restricted internet access
2. Administrator PC policy – unrestricted internet access can be given

General Policy

Only HTTP, HTTPS, DNS services are allowed


Enable NAT and session logging
Administrator PC policy

Firstly you have to create a new address for admin PC at Firewall Objects –> Address

appropriate subnet number and the interface is configured


Review created address
Then create the policy for admin PC. All the services are allowed in this case
Test the policy configuration by accessing internet using the admin PC and another PC in the network. Monitor the
counter changes in policies

You might also like