Configuring the first FortiGate (Peer-1)

Configure Peer-1 with the following settings:

  1. Enable virtual domain configuration, add vdom1, set vdom1 to proxy mode (to support VoIP profiles), and add port1 and port2 to vdom1.

    config system global
        set vdom-admin enable
    end
    config vdom
        edit vdom1
            config system settings
                set inspection-mode proxy
            end
    end
    config global
        config system interface
            edit port1
                set vdom vdom1
            next
            edit port2
                set vdom vdom1
        end
    end

  2. Create a virtual wire pair between port1 and port2.

    config vdom
        edit vdom1
            config system virtual-wire-pair
                edit my-wire-pair
                    set member port1 port2
            end
    end

  3. Create a virtual wire pair policy to allow all traffic between port1 and port2. This example policy applies antivirus scanning, application control, and VoIP profiles.

    config vdom
        edit vdom1
            config firewall policy
                edit 1
                    set srcintf port1 port2
                    set dstintf port1 port2
                    set srcaddr all
                    set dstaddr all
                    set service ALL
                    set schedule always
                    set action accept
                    set utm-status enable
                    set av-profile default
                    set application-list default
                    set voip-profile default
            end
    end

  4. Configure Peer-1 for FGSP.

    config global
        config system cluster-sync
            edit 1
                set peerip 10.10.10.2
                set peervd root
                set syncvd vdom1
            next
            edit 2
                set peerip 10.10.10.3
                set peervd root
                set syncvd vdom1
            next
            edit 3
                set peerip 10.10.10.4
                set peervd root
                set syncvd vdom1
        end
    end
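
As an added example (not part of the Fortinet cookbook), the Python code below parses FortiOS-style CLI text and cross-checks the four steps: wire-pair members belong to vdom1, the allow-all policy has UTM inspection enabled, and every FGSP peer entry synchronizes vdom1 with a unique peer IP. The names `parse` and `audit`, the sample text and its `config global` layout are assumptions made for the example.

```python
def parse(text):
    """Turn nested config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [("root", root)]
    for tok in (ln.split() for ln in text.splitlines() if ln.strip()):
        cur = stack[-1][1]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], cur.setdefault(" ".join(tok[1:]), {})))
        elif tok[0] == "set":
            cur[tok[1]] = tok[2:]
        elif tok[0] == "next":
            stack.pop()
        elif tok[0] == "end":
            if stack[-1][0] == "edit":  # "end" straight after an entry closes it too
                stack.pop()
            stack.pop()
    return root

def audit(cfg, vdom="vdom1"):
    """Return findings where the configured steps disagree with each other."""
    glob, vd = cfg.get("global", {}), cfg.get("vdom", {}).get(vdom, {})
    ifaces, out, seen = glob.get("system interface", {}), [], set()
    for name, pair in vd.get("system virtual-wire-pair", {}).items():
        for port in pair.get("member", []):
            if ifaces.get(port, {}).get("vdom") != [vdom]:
                out.append(f"{name}: member {port} is not assigned to {vdom}")
    for pid, pol in vd.get("firewall policy", {}).items():
        if pol.get("srcaddr") == ["all"] and pol.get("utm-status") != ["enable"]:
            out.append(f"policy {pid}: all-source policy without UTM inspection")
    for sid, peer in glob.get("system cluster-sync", {}).items():
        if vdom not in peer.get("syncvd", []):
            out.append(f"cluster-sync {sid}: {vdom} sessions are not synchronized")
        ip = " ".join(peer.get("peerip", []))
        if ip in seen:
            out.append(f"cluster-sync {sid}: duplicate peerip {ip}")
        seen.add(ip)
    return out

# Constructed sample: the page's settings condensed; "config global" wrapper assumed.
SYNC = "".join(f"edit {n}\nset peerip 10.10.10.{n + 1}\nset peervd root\n"
               f"set syncvd vdom1\nnext\n" for n in (1, 2, 3))
PEER1 = ("config global\nconfig system interface\nedit port1\nset vdom vdom1\nnext\n"
         "edit port2\nset vdom vdom1\nend\nconfig system cluster-sync\n" + SYNC +
         "end\nend\nconfig vdom\nedit vdom1\nconfig system virtual-wire-pair\n"
         "edit my-wire-pair\nset member port1 port2\nend\nconfig firewall policy\n"
         "edit 1\nset srcaddr all\nset dstaddr all\nset action accept\n"
         "set utm-status enable\nend\nend\n")
if __name__ == "__main__":
    print(audit(parse(PEER1)) or "Peer-1 settings are consistent")
```
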
