Professional Documents
Culture Documents
Configuration: Username: Admin Password: No Password
Configuration: Username: Admin Password: No Password
Configuration: Username: Admin Password: No Password
After assign the system with DHCP then open the browser login with the
IPv4 default gateway https://192.168.1.99.
Step 2:
Network ----> Interface
Select any one LAN/mgmt interface as show below then edit
Fig 2.1
Edit the following details:
Alias: Lan
Role: Lan
IP/Network Mask: x.x.x.x/24
Administrative Access: Enable which is required
Once we give the IP/Network Mask as per the requirement then we need
to change the system IP address into manual from automatic.
[Note: Firewall default gateway and your system default gateway should
be same.]
To create WAN interface select one wan click on that and edit the
followings details as shown below:
Alias: Internet
Role: WAN
Addressing mode: DHCP
Distance: 10
Administrative access: Enable as per requirement
Scan Outgoing Connections to Botnet Sites:
Disable Block Monitor
Manual: We will assign the IP addresses
DHCP: Automatically assign the IP addresses
PPPOE: is used to connect a PC or a router to a modem via an Ethernet
link
Step 3:
Network ----> Static routes
Edit the Interface: Internet
Gateway address: 192.168.10.1 click ok
Step 4:
Policy and Objects ----> Addresses
Click on create new under that select address
Name: x.x.x.x
Subnet/ IP range: x.x.x.x/x.x.x.x
Step 5:
Policy and Objects ----> IPv4
If any policies are existing means edit that policy, otherwise create new
policy as follows:
Name: Internet
Incoming Interface: Lan
Outgoing Interface: Internet
Source: all/Based on requirement select
Destination: all/Based on requirement select
Services: all/Based on requirement select
Action: Accept/Deny
Firewall / Network Options
Nat: enable
Security Profiles
Antivirus: Enable
Web Filter: Enable/Disable
Application Control: Enable/Disable
Logging Options
Log Allowed Traffic: All sessions
Step 6:
1. Security Profiles ---> Antivirus
To enter the name first go to Adding name for
System ---> settings ---> feature visibility select both Web Filter
Multiple Interface Policies and Application
Then to add address select + and add address Filter
Web Filter:
Static URL Filter -
URL filter Enable it
then create new to block/enable any specific URL
Fig 6.2 a
Fig 6.2 b
For example from the above mention (fig 6.2 a) We Enable specific
links (google.com, gmail.com, and youtube.com) enter that then select
URL: google.com
Type: Wildcard
Action: Exempt
Application Control:
Application Overrides -
Click on Add Signatures then add filter under that
select name (enter which one should be blocked) and
select all (option) then click use selected signatures
Fig 6.3
For example in the above mention (fig 6.3) we have blocked gmail,
google and youtube
[ Click Add Signature then enter Add Filter under that select Name
(google.com) then click Select all ]
Step 7:
Log and Report ---> Forward Traffic click on anyone to view the
details
NOTE:
1. Default IP of Fortigate -192.168.1.99
2. Connect to mgmt port for 1st time
3. Then go to interface (Fortigate) add address which you needed then
connect to the port which you required and change the system IP
4. In interface if the IP address is (172.20.20.10/24) then system ip
should be (172.20.20.12/24).
5. To access internet, we have to create one policy with the system IP
address in the source.
6. To access Fortigate, IP default gateway address only.
7. Enable Multiple Interface Policy and then click implicit enable the
Log Violation Traffic.