Fortinet Document Library

Version:

7.0.1
7.0.0
6.4.7

Version:

6.4.6
6.4.5
6.4.4

Version:

6.4.3
6.4.2
6.4.1

Version:

6.4.0

Table of Contents

Administration Guide

7.0.1
7.0.1
7.0.0
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
Download PDF
Copy Link

Basic configuration

This topic will help you configure a few basic settings on the FortiGate as described in the Using the GUI and Using the CLI sections, including:

Configuring an interface

It is unlikely the default interface configuration will be appropriate for your environment and typically requires some effort of the administrator to use these settings, such as being physically near the FortiGate to establish a serial connection. Therefore, the first step is to configure an interface that can be used to complete the FortiGate configuration.

To configure an interface in the GUI:

  1. Go to Network > Interfaces. Select an interface and click Edit.

  2. Enter an Alias.

  3. In the Address section, enter the IP/Netmask.

  4. In Administrative Access section, select the access options as needed (such as PING, HTTPS, and SSH).

  5. Optionally, enable DHCP Server and configure as needed.

  6. Click OK.

To configure an interface in the CLI:
config system interface
    edit "port2"
        set ip 203.0.113.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "Management"
    next
end

Configuring the hostname

Setting the FortiGate’s hostname assists with identifying the device, and it is especially useful when managing multiple FortiGates. Choose a meaningful hostname as it is used in the CLI console, SNMP system name, device name for FortiGate Cloud, and to identify a member of an HA cluster.

To configure the hostname in the GUI:

  1. Go to System > Settings.

  2. Enter a name in the Host name field.

  3. Click Apply.

To configure the hostname in the CLI:
config system global
    set hostname 200F_YVR
end

Configuring the default route

Setting the default route enables basic routing to allow the FortiGate to return traffic to sources that are not directly connected. The gateway address should be your existing router or L3 switch that the FortiGate is connected to. If you are directly connecting to the FortiGate, you may choose your endpoint’s IP address as the gateway address. Set the interface to be the interface the gateway is connected to.

To configure the default route in the GUI:

  1. Go to Network > Static Routes and click Create New.

  2. Leave the destination subnet as 0.0.0.0/0.0.0.0. This is known as a default route, since it would match any IPv4 address.

  3. Enter the Gateway Address.

  4. Select an Interface.

  5. Click OK.

To configure the default route in the CLI:
config router static
    edit 0
        set gateway 192.168.1.254
        set device port1
    next
end

Ensuring internet and FortiGuard connectivity

This step is not necessary for the configuration; however, it is necessary in order to keep your FortiGate up to date against the latest threats. Updates are provided to FortiGates that are registered and make a request to the FortiGuard network to verify if there are any more recent definitions.

Use execute ping <domain.tld> to ensure the DNS resolution is able to resolve the following FortiGuard servers:

  • fds1.fortinet.com

  • service.fortiguard.net

  • update.fortiguard.net

You also need to ensure the necessary ports are permitted outbound in the event your FortiGate is behind a filtering device. Refer to the Ports and Protocols document for more information.

Basic configuration

This topic will help you configure a few basic settings on the FortiGate as described in the Using the GUI and Using the CLI sections, including:

Configuring an interface

It is unlikely the default interface configuration will be appropriate for your environment and typically requires some effort of the administrator to use these settings, such as being physically near the FortiGate to establish a serial connection. Therefore, the first step is to configure an interface that can be used to complete the FortiGate configuration.

To configure an interface in the GUI:

  1. Go to Network > Interfaces. Select an interface and click Edit.

  2. Enter an Alias.

  3. In the Address section, enter the IP/Netmask.

  4. In Administrative Access section, select the access options as needed (such as PING, HTTPS, and SSH).

  5. Optionally, enable DHCP Server and configure as needed.

  6. Click OK.

To configure an interface in the CLI:
config system interface
    edit "port2"
        set ip 203.0.113.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "Management"
    next
end

Configuring the hostname

Setting the FortiGate’s hostname assists with identifying the device, and it is especially useful when managing multiple FortiGates. Choose a meaningful hostname as it is used in the CLI console, SNMP system name, device name for FortiGate Cloud, and to identify a member of an HA cluster.

To configure the hostname in the GUI:

  1. Go to System > Settings.

  2. Enter a name in the Host name field.

  3. Click Apply.

To configure the hostname in the CLI:
config system global
    set hostname 200F_YVR
end

Configuring the default route

Setting the default route enables basic routing to allow the FortiGate to return traffic to sources that are not directly connected. The gateway address should be your existing router or L3 switch that the FortiGate is connected to. If you are directly connecting to the FortiGate, you may choose your endpoint’s IP address as the gateway address. Set the interface to be the interface the gateway is connected to.

To configure the default route in the GUI:

  1. Go to Network > Static Routes and click Create New.

  2. Leave the destination subnet as 0.0.0.0/0.0.0.0. This is known as a default route, since it would match any IPv4 address.

  3. Enter the Gateway Address.

  4. Select an Interface.

  5. Click OK.

To configure the default route in the CLI:
config router static
    edit 0
        set gateway 192.168.1.254
        set device port1
    next
end

Ensuring internet and FortiGuard connectivity

This step is not necessary for the configuration; however, it is necessary in order to keep your FortiGate up to date against the latest threats. Updates are provided to FortiGates that are registered and make a request to the FortiGuard network to verify if there are any more recent definitions.

Use execute ping <domain.tld> to ensure the DNS resolution is able to resolve the following FortiGuard servers:

  • fds1.fortinet.com

  • service.fortiguard.net

  • update.fortiguard.net

You also need to ensure the necessary ports are permitted outbound in the event your FortiGate is behind a filtering device. Refer to the Ports and Protocols document for more information.