Fortigate Labs
In NAT/Route mode, a Fortigate is deployed as a gateway/router between two networks, i.e., a private
network and a public network (the Internet).
The WAN interface is connected to the ISP network and the internal port (Port 1) is connected
to the internal network.
➢ Configuring Network Interface:
1. Go to Network -> Interfaces
2. Select the interface to configure and click on edit.
3. Set an alias name that makes the role of that particular interface easy to recognize.
4. Set the addressing mode to Manual and enter the IP/Network mask.
5. Select interface state Enabled, to enable that interface.
6. Click on OK to save the config.
➢ Create a Policy
1. Go to Policy & Objects -> IPv4 Policy
2. Click on Create New.
3. Enter the name for your policy.
4. Select the Incoming and Outgoing interface.
5. Set Source and Destination Address.
6. Select all services.
7. Set Action to ACCEPT.
8. Enable NAT
9. Select Use Outgoing Interface Address.
10. Enable Log Allowed Traffic to log all traffic.
➢ Inspecting Traffic
1. Go to FortiView -> Policies.
2. Right-click on any policy and select Drill Down to see the details.
Lab 3: Blocking FB
➢ Enabling Web Filtering:
1. Go to System -> Feature Visibility
2. Inside Security Features, enable Web Filter
➢ Observations:
1. We can monitor all HA information from the dashboard.
2. Once the heartbeat interfaces are connected, both the primary and secondary FW
are visible in Settings -> HA.
3. We left-click on the widget and select Show HA historical events to view all traffic
flowing between the FWs.
Lab 6: DNS Filtering
It is used to block access to bandwidth-consuming websites. DNS filtering can be enabled
from System -> Feature Visibility by enabling DNS Filter under Security Features.
➢ Creating a DNS web filter profile:
1. Go to Security Profiles -> DNS Filter, and edit the default profile.
2. Enable FortiGuard category-based filter, right-click Bandwidth Consuming, and
set it to Block.
➢ Configuring Fortigate2:
Configure this firewall in the same way as above.
➢ Results:
1. We can ping any device from LAN1 to LAN2 and vice versa.
2. The tunnel status can be viewed in VPN > IPsec VPNs.