Config for FortiGate FW

Example config for a FortiGate FW, pasted here before I forget.

Interface roles: port1 -> WAN, port2 -> DMZ, port3 -> LAN

config system global
    set hostname <hostname>
end

config system interface
    show
    edit port3
        set mode static
        set ip 192.168.1.99/24
        set allowaccess ping http ssh
        set role lan
        set alias LAN1
    next
end



==== DHCP ====

DHCP server for the LAN on port3 (the interface that holds 192.168.1.99/24 above, which is also the gateway handed out to clients):

config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface port3
        set default-gateway 192.168.1.99
        set vci-match disable
        config ip-range
            edit 1
                set start-ip 192.168.1.10
                set end-ip 192.168.1.50
            next
        end
        set dns-server1 8.8.8.8
    next
end

==== Set internet access ====

In GNS3, add a Cloud node (run from the GNS3 VM) -> right click -> Configure -> Show special Ethernet interfaces -> add virbr0 (192.168.122.1).

Plug port1 into the WAN side (virbr0, 192.168.122.1).
Set port1 to WAN role and set its IP to 192.168.122.240.
Add a static route: 0.0.0.0/0 -> 192.168.122.1.
execute ping 8.8.8.8

Allow users to access the internet: Policy & Objects -> Firewall Policy -> from LAN (port3).
From a test machine, ping 8.8.8.8.
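The same WAN setup and internet-access policy in CLI form, as an added example that is not part of the original notes. It assumes the interface roles stated at the top of the page (port1 = WAN, port3 = LAN), the virbr0 gateway 192.168.122.1 and the WAN address 192.168.122.240 used in the steps above; the policy direction (port3 to port1) follows from those roles, and the service list is narrowed from ALL to the services a LAN client needs for the ping test and web access.

```fortios
# Added example, not from the original notes. Assumes port1 = WAN, port3 = LAN.
config system interface
    edit "port1"
        set mode static
        set ip 192.168.122.240 255.255.255.0
        set allowaccess ping
        set role wan
        set alias "WAN"
    next
end

# Default route out of port1 towards the GNS3 virbr0 gateway.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.168.122.1
        set device "port1"
    next
end

# LAN -> WAN policy with source NAT behind port1's address.
# Only ping, DNS and web are allowed instead of ALL, and the policy is logged
# so the syslog filter further down has traffic entries to ship.
config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING" "DNS" "HTTP" "HTTPS"
        set logtraffic all
        set nat enable
    next
end

# Check from the FortiGate itself, then repeat the ping from a LAN host.
execute ping 8.8.8.8
```

If the ping from the FortiGate works but the LAN host's does not, the host is usually missing the default gateway (192.168.1.99 from the DHCP scope) or the policy was created in the other direction.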


==== Traffic shaping ====

-> Policy & Objects -> Traffic Shapers -> Create New, for the share
-> Traffic Shaping Policy -> create a policy and point it at 4shared
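The two GUI steps above as a CLI example, added here and not part of the original notes. The shaper name "share-limit", the bandwidth figures (kbps), the port3/port1 interfaces and the placeholder application ID are assumptions; the 4shared application ID has to be looked up in the FortiGate's application list.

```fortios
# Added example, not from the original notes. Shaper values are illustrative.
# Step 1: the shaper object (Traffic Shapers -> Create New).
config firewall shaper traffic-shaper
    edit "share-limit"
        set maximum-bandwidth 2048
        set guaranteed-bandwidth 256
        set priority low
        set per-policy enable
    next
end

# Step 2: the shaping policy that applies the shaper to 4shared traffic
# leaving the LAN (port3) for the WAN (port1), in both directions.
config firewall shaping-policy
    edit 1
        set name "limit-4shared"
        set status enable
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set application <4shared-application-id>
        set traffic-shaper "share-limit"
        set traffic-shaper-reverse "share-limit"
    next
end
```

Matching on application only works when the firewall policy that carries this traffic has an application control sensor applied, otherwise the shaping policy never sees an application name and nothing is shaped.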


==== Enable Syslog ====

Enable syslog (<IP> is the address of the server where FWA is installed):

config log syslogd3 setting
    set status enable
    set server <IP>
    set facility local7
    set port 1514
end

Execute the following commands to enable traffic logging:

config log syslogd3 filter
    set severity information
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
end
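A quick way to confirm that the settings above actually produce packets towards the collector, added here as an example and not part of the original notes. It uses only diagnostic commands available on the FortiGate; the server address is the same <IP> placeholder as above.

```fortios
# Added check, not from the original notes.
# 1. Confirm the committed settings and filter.
show log syslogd3 setting
show log syslogd3 filter

# 2. Generate test log entries of every category.
diagnose log test

# 3. Watch for the resulting syslog packets on any interface (UDP 1514, as set above).
#    Arguments: interface, filter, verbosity 4 (headers + interface), 5 packets.
diagnose sniffer packet any 'udp and port 1514' 4 5
```

If the sniffer shows nothing, the usual causes are a syslogd3 status left disabled, a server address the FortiGate has no route to, or a filter whose severity is above the entries being generated.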

==== Enabling NAT on TP ====

- Set two IP addresses as the management IP: one for administrative access (LAN) and the second for the gateway (WAN).

- Configure an IP pool with the WAN IP address.

- Create a policy and enable NAT on it.

- Create a default static route.

* MGMT IP

FGT-TP # config system settings

FGT-TP (settings) # set manageip 192.168.1.99/24 192.168.122.240/24

FGT-TP (settings) # end

* IPPOOL creation

FGT-TP # config firewall ippool

FGT-TP (ippool) # edit 1
new entry '1' added

FGT-TP (1) # set type overload

FGT-TP (1) # set startip 192.168.122.240

FGT-TP (1) # set endip 192.168.122.240

FGT-TP (1) # end

* NAT policy creation

config firewall policy
    edit 1
        set name "INTERNET POLICY"
        set srcintf "port1"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set ippool enable
        set poolname "1"
        set nat enable
    next
end

* Default static route

config router static
    edit 1
        set gateway 192.168.122.1
    next
end