Thursday, September 13, 2012

Fortigate Firewall Basic Setup Steps

Connect your PC to one of the FortiGate's internal (LAN) ports with an Ethernet cable.

Set your PC's network card to the static IP 192.168.1.10 with subnet mask 255.255.255.0 (the FortiGate's default internal subnet is 192.168.1.0/24).

Access the FortiGate in a browser at 192.168.1.99.

The default username is admin with a blank password. Set a strong admin password before the WAN port goes live.

Once you are logged on, start the wizard (top right) and follow the prompts:

image

Once you have configured the base settings, including your internal and external IP, you will be prompted for a Virtual IP. A Virtual IP maps (destination-NATs) a public IP on the WAN interface to an internal host; on its own it allows no traffic, a firewall policy that uses it as the destination is still required. You can create it in the wizard or add it later under “Firewall Objects” > “Virtual IP” > “Virtual IP”, as shown in the example below:

image

In the example above, the external IP is mapped to the internal IP 192.168.16.2, the “SBS” server.

Note: if the internal or external address range is a single IP, enter it in the first field and leave the end of the range blank.

You will likely need to restart the device at this point after saving your settings, and change your PC's IP address as necessary to reach the firewall at its new internal address.

Below is an example of my “System” > “Network” > “Interface” page after configuration.

Note: I disabled Guest Wifi.

image

Below is an example of my “System” > “Network” > “Routing” page after configuration.

image

DHCP is located under “System” > “Network” > “DHCP Server”, as shown below:

image

Below is an example of my “Firewall Objects” > “Virtual IP” > “Virtual IP” page after configuration:

image

Below is an example of the policies that open ports to the server. Source is ALL (any address on the WAN side) and destination is the Virtual IP object you defined, in my example “SBS”. Policies are set up under “Policy” > “Policy”. Limit the Service field to the ports the server actually needs (for example SMTP and HTTPS for a mail/web server) rather than ALL, because a Virtual IP combined with an ALL-services policy exposes every port on the internal host to the internet:

image
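The same steps expressed in the FortiGate CLI (console or SSH), as an added example rather than a screenshot from this post. The interface names wan1 and internal, the public IP 203.0.113.10, the password and the service list are assumptions for this example; substitute your own. The policy restricts services to what the server needs instead of ALL.

```text
# Added example: FortiOS CLI equivalent of the wizard steps above.
# Interface names (wan1/internal), the public IP 203.0.113.10, the password
# and the service list are assumptions; adjust them for your unit.

# 1. The default admin account has no password; set one before anything else.
config system admin
    edit "admin"
        set password "Use-a-long-unique-passphrase"
    next
end

# 2. Virtual IP: destination-NAT the public IP to the SBS server.
#    A single address goes in extip/mappedip; no range end is needed.
config firewall vip
    edit "SBS"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.16.2
    next
end

# 3. Inbound policy: any source on the WAN side, destination is the VIP
#    object, and only the services the server actually needs.
#    "edit 0" makes the FortiGate assign the next free policy ID.
#    logtraffic takes "enable" on FortiOS 4.x and "all" on 5.x and later.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "SBS"
        set action accept
        set schedule "always"
        set service "SMTP" "HTTPS"
        set logtraffic enable
    next
end

# 4. Review what was saved (the CLI commits on "end"):
show firewall vip SBS
show firewall policy
```

Anything not matched by an accept policy is dropped by the implicit deny at the bottom of the policy list, so each service you add to the inbound policy is one more port reachable from the internet; keep the list to what the server must expose.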

Note: check for firmware updates and register your device!

Email Reverse DNS checkup

Problem: email is being rejected by the recipient server because of a reverse DNS mismatch (the PTR record for your public IP is missing, or the name it returns does not resolve back to the same IP).

Solution: confirm reverse DNS (a PTR record) is configured for your public IP and that it points at your mail server's host name.

Go to MXtoolbox.com and select SPF Records.

Then enter ptr:(your external IP), for example ptr:208.65.144.12, as shown below:

image 

Click “SPF Record Lookup”

You should see the following, with your domain name listed. If it is not, contact your ISP (the owner of the IP block) and ask them to create a reverse DNS (PTR) record for you, pointing at your mail server's host name.

image

Reconfirm that the RDNS record was changed and has propagated by repeating the steps above.
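The check the MXToolbox page performs can also be run locally. The script below is an added example, not part of the original post: it does a forward-confirmed reverse DNS (FCrDNS) check, which is what receiving mail servers actually test: the PTR for the IP must return a host name, and that host name must resolve back to the same IP. It also flags a PTR that forward-confirms but sits under the ISP's domain rather than yours, which some receivers still treat as generic. By default it uses the operating system resolver; the FAKE_PTR/FAKE_A tables are constructed records in the 203.0.113.0/24 documentation range so the logic can be exercised offline, and mail.example.com and isp.example are placeholder names.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for a mail server's public IP.

Added example, not part of the original post. Uses the OS resolver by default;
the FAKE_* tables are constructed records (TEST-NET-3 addresses, not real hosts)
used for offline demonstration and testing.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple

PtrLookup = Callable[[str], List[str]]   # ip -> host names from PTR
ALookup = Callable[[str], List[str]]     # host name -> IPs from A/AAAA


def system_ptr(ip: str) -> List[str]:
    """PTR lookup through the operating system resolver (stdlib only)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + list(aliases)
    except (socket.herror, socket.gaierror):
        return []


def system_a(host: str) -> List[str]:
    """A/AAAA lookup through the operating system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def _same_ip(a: str, b: str) -> bool:
    """Compare two address strings after normalisation (handles IPv6 spellings)."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def check_fcrdns(ip: str, expected_domain: Optional[str] = None,
                 ptr_lookup: PtrLookup = system_ptr,
                 a_lookup: ALookup = system_a) -> Tuple[str, List[str]]:
    """Return (status, findings) for the mail server at `ip`.

    status is one of:
      "no-ptr"   - no PTR record at all (the ISP must create one)
      "mismatch" - PTR names exist but none resolves back to the IP
      "generic"  - forward-confirmed, but not under expected_domain
                   (typical ISP-generated name; some receivers reject it)
      "ok"       - forward-confirmed and under the expected domain
    """
    ipaddress.ip_address(ip)  # reject junk input before querying anything
    domain = expected_domain.rstrip(".").lower() if expected_domain else None
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", [f"no PTR record for {ip}; ask the owner of the IP block (usually the ISP) to add one"]
    findings: List[str] = []
    confirmed: List[str] = []
    for name in names:
        forward = a_lookup(name)
        if any(_same_ip(ip, f) for f in forward):
            confirmed.append(name)
            findings.append(f"{ip} -> {name} -> {ip}: forward-confirmed")
        else:
            findings.append(f"{ip} -> {name} -> {forward or 'NXDOMAIN'}: does not resolve back to {ip}")
    if not confirmed:
        return "mismatch", findings
    if domain and not any(n == domain or n.endswith("." + domain) for n in confirmed):
        findings.append(f"{confirmed} not under {domain}: generic ISP name, ask for a PTR naming your mail host")
        return "generic", findings
    return "ok", findings


# Constructed records for offline use (documentation addresses, not real hosts).
FAKE_PTR: Dict[str, List[str]] = {
    "203.0.113.10": ["mail.example.com."],                 # correct setup
    "203.0.113.11": ["203-0-113-11.static.isp.example."],  # ISP default name
    "203.0.113.12": [],                                    # no PTR at all
    "203.0.113.13": ["mail.example.com."],                 # PTR name resolves elsewhere
}
FAKE_A: Dict[str, List[str]] = {
    "mail.example.com": ["203.0.113.10"],
    "203-0-113-11.static.isp.example": ["203.0.113.11"],
}


def fake_ptr(ip: str) -> List[str]:
    return FAKE_PTR.get(ip, [])


def fake_a(host: str) -> List[str]:
    return FAKE_A.get(host, [])


if __name__ == "__main__":
    import sys
    # Usage: python fcrdns.py <public-ip> [mail-domain]; no arguments runs the fake table.
    if len(sys.argv) > 1:
        status, notes = check_fcrdns(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    else:
        status, notes = check_fcrdns("203.0.113.11", "example.com", fake_ptr, fake_a)
    print(status)
    for line in notes:
        print("  " + line)
```

Run it with your public IP and mail domain after the ISP reports the change; until the result is "ok" the record has either not been created or has not propagated yet, and a "generic" result means the PTR exists but names the ISP's host rather than yours.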