FORTIGATE IN 7 DAYS
Learn Fortigate in 7 days teaches you the basic concepts of the FortiGate firewall as used at data center, branch, remote site and HQ locations. This guide will help you learn how to configure the FortiGate firewall, its security features, VPNs such as IPsec and remote tunnels, and content filtering.
In this section you will use the FortiGate firewall GUI to configure all the topics used day to day for securing branch and data center networks.
The course pedagogy will help you learn the following concepts in Learn Fortigate in 7 days.
- How to install and set up FortiGate in a lab environment
- How routing is done on the FortiGate firewall
- How to configure FortiGate in NAT/Route mode
- Configuring FortiGate in Transparent mode
- How to configure VDOMs in FortiGate
- Learn the concept of policy filters and endpoint security
- How to configure policy filters and endpoint security
- Configuring FortiGate in HA mode and configuring traffic shaping in FortiGate
- Learn how to configure a Wi-Fi network on a schedule
- Learn the concept of VPN and tunneling
- Learn how to prevent the certificate warning
- Configure IPsec VPN via the FortiGate client
- Configure an IPsec tunnel between two FortiGate machines
UTM stands for Unified Threat Management, a system which integrates networking and security features. A FortiGate device helps in the following ways:
- Layer 2 and Layer 3 networking services
- Security services like firewall, secure VPN, IPS and endpoint security
- Application security services like spam and virus control, web filtering, application control, etc.
Unboxing the FortiGate Device:
When we unbox the FortiGate device, the box contains the device, a quick start guide, a power cord, a CD-ROM with software, and RJ45 and DB-9 serial cables.
Depending on the license purchased, the device has some or all of the available features:
- FortiCare: Includes Hardware Support and software upgrades
- Bundle: This License contains UTM features like antivirus, Web filtering, IPS, and anti-spam.
- Individual License: Buy one or more single licenses for individual features.
We can enable or disable any feature we want to use, based on our requirements.
The port configuration of a FortiGate device depends on the model purchased.
To log in to the FortiGate, we have three options:
- FortiExplorer
- Via the CLI
- Via the web-based manager at the FortiGate default IP, 192.168.1.99/24, with username admin; no password is required.
The following is the step-by-step procedure to follow for any new FortiGate device:
Changing the following options:
- Change the admin password: the first time you log in to the FortiGate, the web browser asks for a password change
- Name of the Host
- Time and Time Zone
Selecting the NAT Mode or Transparent mode:
Any FortiGate device runs in one of two modes: NAT/Routing mode or Transparent mode.
- NAT/Routing Mode: In this mode a FortiGate device works as a Layer 3 device, capable of routing, and acts as a gateway between different networks. This is the default mode of a FortiGate device.
- Transparent Mode: In this mode all interfaces of the FortiGate device are on the same network, and the device acts as a bridge between network segments.
How to configure both modes is discussed in the Lab section.
When you are done with the basic installation of your FortiGate, you should register your device with FortiGate, where you will be able to find all new updates related to your device and activate the features associated with the FortiGate unit license. To register your FortiGate appliance, you need to know your hostname and serial number (SN), which you will get from the FortiGate dashboard.
Once your device is registered, download the most recent version of the firmware and install it on your FortiGate unit. Use the following figure to update your firmware.
Backup and restore can also be performed as shown in the following figure:
Updating Definition and Services:
You can see the updates and versions of your firmware and licenses in the FortiGate feature called FortiGuard. This service is registered automatically, and updates should be received from Fortinet by default. Once you see any updates, click Allow Push Updates to verify the updates, and then the update option.
Configuring VLAN and Logical Interface:
A FortiGate can be configured with VLAN and logical interfaces; it uses 802.1Q tags for data frames from different VLANs. The figure below describes how to configure a VLAN interface.
Select Network | Interface | select Create New Interface
If an interface is required to carry traffic for multiple VLANs, we can make it a trunk. Once VLANs are defined, we can aggregate multiple ports into a single logical entity. Such a combination of ports into a logical unit is called a software switch.
This switch groups physical interfaces into a software interface called a soft switch; all interfaces in the soft switch share one IP address and become a single entity. This method is sometimes helpful when we have to aggregate different interfaces that are on the same subnet without creating a firewall policy.
Likewise, we can also create loopback interfaces, redundant interfaces and 802.3ad LACP aggregation by the same method.
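The VLAN and software switch steps above, written as FortiOS CLI instead of the GUI. This is an added example, not part of the original course material; the interface names, port numbers, VLAN IDs and addresses are assumptions, and the exact options available vary with the FortiOS version.

```fortios
# Added example (FortiOS CLI). All names, VLAN IDs and addresses below
# are assumed values for a lab, not taken from the course.

# Two 802.1Q VLAN sub-interfaces on the same physical port: port1 then
# carries tagged frames for both VLANs, i.e. it acts as a trunk.
config system interface
    edit "vlan10-users"
        set vdom "root"
        set interface "port1"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan20-servers"
        set vdom "root"
        set interface "port1"
        set vlanid 20
        set ip 10.10.20.1 255.255.255.0
        set allowaccess ping
    next
end

# Software switch: port2 and port3 become one logical interface.
# Member ports must not already be in use elsewhere in the configuration.
config system switch-interface
    edit "lan-sw"
        set vdom "root"
        set member "port2" "port3"
    next
end

# The soft switch shows up as an interface of its own and holds the
# single IP address shared by its members.
config system interface
    edit "lan-sw"
        set ip 192.168.50.1 255.255.255.0
        set allowaccess ping
    next
end
```

Traffic between the two VLAN interfaces still has to be allowed by a firewall policy, while traffic between soft switch members passes without one, so only ports that belong to the same trust level should share a soft switch.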