Trusted Network Engineering & Security tutorials, when you need them most.

Beginner’s Guide to Network Engineering

10+

Network & Network Security Experience

1000+

Network & Network Security Tutorials

How to Set Up a Basic FortiGate Firewall for Beginners: A Step-by-Step Guide

Setting up a FortiGate firewall for the first time can seem overwhelming, but with the right guidance, even beginners can configure a secure network in no time. This guide will walk you through the step-by-step process of configuring a FortiGate firewall, covering both the GUI and CLI methods to help you get started.

Introduction to FortiGate Firewalls

FortiGate firewalls, developed by Fortinet, are powerful security appliances that provide firewall protection, VPN services, and advanced security features to protect networks from cyber threats. These firewalls are widely used by businesses and organizations of all sizes due to their reliability and ease of use.

Why Use a FortiGate Firewall?

Robust security features
Intuitive web interface (GUI) and command-line interface (CLI)
High-performance network filtering and traffic management
Integration with security services like FortiGuard

Prerequisites

Before setting up your FortiGate firewall, ensure you have:

A FortiGate device with power supply and network cables
A computer with an Ethernet port for initial setup
Administrative credentials for the FortiGate firewall
A network topology plan (optional but recommended)

Initial Setup via GUI

Step 1: Connect to the FortiGate Firewall

Plug an Ethernet cable from your computer to the FortiGate’s LAN port.
Set your computer’s IP address to 192.168.1.2 (Subnet: 255.255.255.0).
Open a web browser and enter https://192.168.1.99.
Log in using the default credentials (admin with no password, unless changed previously).

Step 2: Configure Network Interfaces

Navigate to Network > Interfaces.
Select the WAN interface and configure it with your ISP’s settings (Static IP/DHCP/PPPoE).
Set the LAN interface to use an appropriate subnet (e.g., 192.168.1.1/24).
Click Apply.

Step 3: Set Up Administrative Access

Navigate to System > Administrators.
Change the default admin password to a strong, secure password.
Optionally, create additional administrator accounts with role-based access.
Enable HTTPS and SSH access under System > Settings.

Step 4: Configure Firewall Policies

Go to Policy & Objects > Firewall Policy.
Click Create New and configure:
- Name: Allow Internet Access
- Incoming Interface: LAN
- Outgoing Interface: WAN
- Source: All
- Destination: All
- Action: Accept
- Service: ALL
Click OK to save.

Step 5: Enable Security Features

Go to Security Profiles and enable:
- Antivirus
- Web Filtering
- Intrusion Prevention
- Application Control
Apply the profiles to your firewall policy.

Step 6: Save and Test the Configuration

Save the configuration changes.
Connect a device to the LAN and test internet connectivity.
Verify traffic logs under Log & Report > Traffic Log.

Initial Setup via CLI

Step 1: Configure Network Interfaces

config system interface
    edit "wan1"
        set mode dhcp
    next
    edit "lan"
        set ip 192.168.1.1/24
        set allowaccess ping https ssh http
    next
end

Step 2: Set Administrative Access

config system admin
    edit "admin"
        set password <new_secure_password>
        set accprofile super_admin
    next
end

Step 3: Configure Firewall Policies

config firewall policy
    edit 1
        set name "Allow Internet Access"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

Step 4: Enable Security Features

config firewall profile-group
    edit "Basic_Security"
        set av-profile "default"
        set webfilter-profile "default"
        set ips-sensor "default"
    next
end

Step 5: Save and Verify Configuration

execute save
get system status

Troubleshooting Common Issues

No Internet Access: Verify WAN settings and DNS configuration.
Cannot Access GUI: Check firewall policies allowing HTTPS access.
Slow Performance: Optimize security profiles and enable caching.
Login Issues: Reset admin credentials via console if necessary.

Best Practices for Firewall Security

Change default passwords and use multi-factor authentication (MFA).
Regularly update FortiGate firmware to patch vulnerabilities.
Limit administrative access to trusted IP addresses.
Enable logging and monitor security events frequently.

Conclusion

Setting up a FortiGate firewall may seem complex at first, but following this step-by-step guide ensures a smooth and secure deployment. Whether using the GUI or CLI, properly configuring network interfaces, firewall policies, and security settings is crucial for protecting your network from threats. By applying best practices, you can maintain a robust security posture while efficiently managing network traffic.

Disclosure: My content is reader-supported. This means if you click on some of my links, then i may earn a commission. See how my blog is funded, why it matters, and how you can support me. Here’s my editorial process.

0 Comments

Submit a Comment Cancel reply

Over 2,000,000+ Readers

Get fresh content from KevinDarian.com

Featured Blog Post

How to Create and Manage Firewall Policies on FortiGate

How to Set Up FortiGate Firewall Logging and Reporting for Effective Security Monitoring

Ultimate Guide to FortiGate UTM Features: Unifying Network Security

How to Implement Advanced Threat Protection with FortiGate Firewalls

FortiGate vs. Cisco ASA: Which Firewall is Best for Your Business?

Licenses & Certifications

[wdcl_image_carousel nav_pagi=”none” slide_count=”4″ slide_count_tablet=”3″ slide_count_phone=”1″ slide_count_last_edited=”on|phone” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/ISC2-Certified-in-Cybersecurity-Certificate-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” border_radii_item=”on|8px|8px|8px|8px” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/Google-Cybersecurity-Certification-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” border_radii_item=”on|8px|8px|8px|8px” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/Google-Data-Analytics-Certification-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” border_radii_item=”on|8px|8px|8px|8px” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/Google-IT-support-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” border_radii_item=”on|8px|8px|8px|8px” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/CCNA-1-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/CCNA-2-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/Cisco-Cybersecurity-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” border_radii_item=”on|8px|8px|8px|8px” global_colors_info=”{}”][/wdcl_image_carousel_child][wdcl_image_carousel_child photo=”https://kevindarian.com/wp-content/uploads/2025/02/Network-Security-pdf.jpg” _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][/wdcl_image_carousel_child][/wdcl_image_carousel]