Deploying a FortiGate 50B Firewall


FortiGate is a Unified Threat Management (UTM) appliance for small to medium businesses by Fortinet. It is a good product for protecting a small business that uses DSL connections for its internet access, as this firewall has a firewall throughput of 50Mbps along with some good VPN and UTM features.

I will go through the basic setup required to get a FortiGate 50B appliance configured for your company or for your clients. The steps below will help you navigate the features a bit more easily, so you can pick and choose what you want out of the complete configuration.

  1. Booting up for the first time
  2. Default access credentials and methods for accessing the appliance
  3. Activate your UTM subscription services through service.
  4. Setup basic network and routing setups
  5. Basic NAT setup for users to access the external resources
  6. Configure advanced NAT/PAT rules for your servers and services
  7. Enabling UTM features and basic Firewall policy management
  8. Ready to deploy into the wild

Booting up for the first time

Unbox the unit and take out the power and console cables so we can start booting it up. Before you power the unit up, plug the console cable into your laptop so you can watch the boot process, then power the unit on. The screenshot below shows what the boot screen should look like, but note that firmware versions and some other values may differ depending on the version you are on.

 

Default access credentials and methods for accessing the appliance

The default access credentials for the FortiGate 50B are as follows:

User Name: admin
Password: (Blank)

To access the appliance you can use console access or GUI access. FortiGate products are much easier to manage using the GUI, as the CLI is not as user friendly as the gear I usually configure. Out of the box the WAN interfaces come with DHCP enabled, but the internal interface is set to 192.168.1.99. You can find the IP addresses that are set from the CLI; the interface listing looks like this:

internal   static   192.168.1.99 255.255.255.0  up   disable   physical
modem   static   0.0.0.0 0.0.0.0  down   disable   physical
ssl.root   static   0.0.0.0 0.0.0.0  up   disable   tunnel
wan1   dhcp   192.168.99.138 255.255.255.0  up   disable   physical
wan2   static   0.0.0.0 0.0.0.0  up   disable   physical

So by setting your laptop's IP address to be in the same subnet as 192.168.99.0/24 you can start accessing the GUI. The video below shows how to execute this command on your FortiGate.

FortiGate 50B Checking the Internal Interface IP Address

 

The video below shows how to set up the IP address on an interface using the CLI.
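One way to do this from the console, as an added example that is not from the original post or its video: it sets the internal interface address shown in the listing above and replaces the blank default admin password. The `allowaccess` list and the `<new-admin-password>` placeholder are assumptions for illustration, and available options can vary with the firmware version.

```fortios
# Added example, typed at the console while logged in as admin.
# The address matches the listing above; <new-admin-password> is a placeholder.

# Replace the blank default admin password before the unit goes on a live network.
config system admin
    edit admin
        set password <new-admin-password>
    next
end

# Set the internal interface address and limit the management protocols it answers on.
config system interface
    edit internal
        set mode static
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
end

# Confirm what was saved for the interface.
show system interface internal
```

Leaving `http` and `telnet` out of `allowaccess` keeps the admin login off cleartext protocols.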

 

Activate your UTM subscription services through service.

The next step is to register and activate your product so you can start using the UTM update services from FortiGuard. If you bought the unit as a UTM bundle you should have access to these features. Basically, these features keep the firewall up to date with IPS, IDS, Anti-Virus and Anti-Spam updates.

The easiest way to do this is to follow the steps below through the GUI:

  1. Go to the Dashboard
  2. Select License Information Widget
  3. Select Registration
  4. Create new account and fill in the details

After the registration is completed, your services should start to be activated with the UTM package you bought (for the process to work, the appliance's WAN connection has to be up).

The next step is to find the latest firmware and update your unit. https://support.fortinet.com/ is the Fortinet support website, where you can grab the firmware and other useful updates to keep your appliance up to date.

The video below goes through some basic appliance configuration and a bit of the above process.

Basic appliance configuration

Basic NAT setup for users to access the external resources

The video below goes through the basic NAT setup for users to access external resources (global NAT overloading).

Basic NAT setup for users to access the external resources

Setup basic network and routing setups

The video below goes through the basic network and routing setup of the unit and the basic Network Address Translation (NAT)/Port Address Translation (PAT) setup to publish your server(s) to the outside.

Setup basic network and routing setups

 

Enabling UTM features and basic Firewall policy management

The video below goes through basic UTM feature setup and enabling it on firewall policies.

FortiGate 50B Basic UTM Features Enabling