{"id":61,"date":"2024-03-11T20:47:35","date_gmt":"2024-03-11T13:47:35","guid":{"rendered":"https:\/\/www.tsongpol.com\/?p=61"},"modified":"2024-03-11T20:47:35","modified_gmt":"2024-03-11T13:47:35","slug":"config-for-fortigate-fw","status":"publish","type":"post","link":"https:\/\/www.tsongpol.com\/?p=61","title":{"rendered":"Config for Fortigate FW"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Example config for setting up a FortiGate FW, pasted here before I forget.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>port1 -> WAN, port2 -> DMZ, port3 -> LAN\r\n\r\nconfig system global\r\nset hostname &lt;hostname>\r\nend\r\n\r\nconfig system interface\r\nshow\r\nedit port3\r\n\r\nset mode static\r\nset ip 192.168.1.99\/24\r\nset allowaccess ping http ssh \r\nset role lan\r\nset alias LAN1\r\nend\r\n\r\n\r\n\r\n==== DHCP ====\r\n\r\nconfig system dhcp server\r\nedit 1\r\nset netmask 255.255.255.0\r\nset interface port3\r\nset default-gateway 192.168.1.99\r\nset vci-match disable\r\nconfig ip-range\r\nedit 1\r\nset start-ip 192.168.1.10\r\nset end-ip 192.168.1.50\r\nend\r\n\r\nset dns-server1 8.8.8.8\r\nend\r\n\r\n===== set internet access\r\n\r\nadd cloud (run from GNS3 VM) --> right click -> config -> show special ethernet interface -> add virbr0 (192.168.122.1)\r\n\r\nplug port1 to wan (virbr0) (192.168.122.1)\r\nset port1 to wan mode, set ip to 192.168.122.240\r\nadd static route -> add 0.0.0.0 -> 192.168.122.1\r\nexecute ping 8.8.8.8\r\n\r\n\r\nallow user to access internet -> policy -> firewall policy -> lan -> port3\r\ntest machine ping 8.8.8.8\r\n\r\n\r\n======== traffic shaping\r\n\r\n-> Policy &amp; Objects -> Traffic Shapers -> create new for share\r\n-> traffic shaping policy -> create policy and shoot 4shared\r\n\r\n\r\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Enable 
Syslog<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Enable syslog:\r\nconfig log syslogd3 setting\r\nset status enable\r\nset server &lt;IP>        \/\/IP of FWA installed server\r\nset facility local7\r\nset port 1514\r\nend \r\n\r\nExecute the following commands to enable Traffic:\r\nEnable traffic:\r\nconfig log syslogd3 filter\r\nset severity information\r\nset local-traffic enable\r\nset multicast-traffic enable\r\nset sniffer-traffic enable\r\nset anomaly enable\r\nset voip enable\r\nend<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Enabling Nat On TP<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>- Enter two IP addresses for the MGMT IP: one for administrative access (LAN) and the second for the gateway (WAN).\r\n\r\n- Configure IPPOOL with the WAN IP address\r\n\r\n- Create a policy and enable nat on it.\r\n\r\n- Create a default static route\r\n\r\n* MGMT IP address\r\n\r\nFGT-TP # config system settings \r\n\r\nFGT-TP (settings) # set manageip 192.168.1.99\/24 192.168.122.240\/24\r\n\r\nFGT-TP (settings) # end\r\n\r\nFGT-TP # \r\n\r\n* IPPOOL Creation\r\n\r\nFGT-TP # config firewall ippool \r\n\r\nFGT-TP (ippool) # edit 1\r\nnew entry '1' added\r\n\r\nFGT-TP (1) # set type overload \r\n\r\nFGT-TP (1) # set startip 192.168.122.240\r\n\r\nFGT-TP (1) # set endip 192.168.122.240\r\n\r\nFGT-TP (1) # end\r\n\r\n* Nat Policy Creation\r\n\r\nconfig firewall policy\r\n    edit 1\r\n        set name \"INTERNET POLICY\"\r\n        set srcintf \"port1\"\r\n        set dstintf \"port3\"\r\n        set srcaddr \"all\"\r\n        set dstaddr \"all\"\r\n        set action accept\r\n        set schedule \"always\"\r\n        set service \"ALL\"\r\n        set logtraffic all\r\n        set ippool enable\r\n        set poolname \"1\"\r\n        set nat enable\r\n    next\r\nend\r\n\r\n* Default Static route\r\n\r\nconfig router static\r\n    edit 1\r\n        set gateway 192.168.122.1\r\n    
next\r\nend\r\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Example config for setting up a FortiGate FW, pasted here before I forget. Enable Syslog Enabling Nat On TP<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-61","post","type-post","status-publish","format-standard","hentry","category-configuration"],"_links":{"self":[{"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/posts\/61","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=61"}],"version-history":[{"count":1,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/posts\/61\/revisions"}],"predecessor-version":[{"id":62,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=\/wp\/v2\/posts\/61\/revisions\/62"}],"wp:attachment":[{"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=61"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=61"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsongpol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=61"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}