Basic configuration
This topic will help you configure a few basic settings on the FortiGate as described in the Using the GUI and Using the CLI sections, including:
Configuring an interface
The default interface configuration is unlikely to be appropriate for your environment, and using these settings typically requires some effort from the administrator, such as being physically near the FortiGate to establish a serial connection. Therefore, the first step is to configure an interface that can be used to complete the FortiGate configuration.
To configure an interface in the GUI:
- Go to Network > Interfaces. Select an interface and click Edit.
- Enter an Alias.
- In the Address section, enter the IP/Netmask.
- In the Administrative Access section, select the access options as needed (such as PING, HTTPS, and SSH).
- Optionally, enable DHCP Server and configure as needed.
- Click OK.
To configure an interface in the CLI:
config system interface
    edit "port2"
        set ip 203.0.113.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "Management"
    next
end
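An added example (not part of Fortinet's documentation): a short Python audit that parses `config system interface` text in the CLI syntax shown above and lists interfaces whose allowaccess includes the cleartext protocols http or telnet. The sample configuration, the "port3" entry and the choice of which protocols to flag are assumptions made for the illustration.

```python
import shlex

# Constructed sample in the CLI syntax shown above; "port3" is invented.
SAMPLE_CONFIG = '''
config system interface
    edit "port2"
        set ip 203.0.113.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "Management"
    next
    edit "port3"
        set allowaccess ping http telnet
    next
end
'''

# Assumption: http and telnet count as findings (cleartext admin protocols).
CLEARTEXT = {"http", "telnet"}

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, in_section, depth = {}, None, False, 0
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config":
            if depth == 0:  # top-level section; nested config blocks are skipped
                in_section = args == ["system", "interface"]
            depth += 1
        elif keyword == "end":
            depth -= 1
        elif in_section and depth == 1:
            if keyword == "edit":
                current = interfaces.setdefault(args[0], {})
            elif keyword == "set" and current is not None:
                current[args[0]] = args[1:]
            elif keyword == "next":
                current = None
    return interfaces

def audit_admin_access(interfaces):
    """Return {interface: [cleartext protocols]} for interfaces that allow any."""
    return {name: sorted(CLEARTEXT & set(s.get("allowaccess", [])))
            for name, s in interfaces.items()
            if CLEARTEXT & set(s.get("allowaccess", []))}

if __name__ == "__main__":
    print(audit_admin_access(parse_interfaces(SAMPLE_CONFIG)))
```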
Configuring the hostname
Setting the FortiGate’s hostname assists with identifying the device, and it is especially useful when managing multiple FortiGates. Choose a meaningful hostname as it is used in the CLI console, SNMP system name, device name for FortiGate Cloud, and to identify a member of an HA cluster.
To configure the hostname in the GUI:
- Go to System > Settings.
- Enter a name in the Host name field.
- Click Apply.
To configure the hostname in the CLI:
config system global
    set hostname 200F_YVR
end
Configuring the default route
Setting the default route enables basic routing to allow the FortiGate to return traffic to sources that are not directly connected. The gateway address should be your existing router or L3 switch that the FortiGate is connected to. If you are directly connecting to the FortiGate, you may choose your endpoint’s IP address as the gateway address. Set the interface to be the interface the gateway is connected to.
To configure the default route in the GUI:
- Go to Network > Static Routes and click Create New.
- Leave the destination subnet as 0.0.0.0/0.0.0.0. This is known as a default route, since it would match any IPv4 address.
- Enter the Gateway Address.
- Select an Interface.
- Click OK.
To configure the default route in the CLI:
config router static
    edit 0
        set gateway 192.168.1.254
        set device port1
    next
end
Ensuring internet and FortiGuard connectivity
This step is not required for the configuration itself; however, it is necessary to keep your FortiGate up to date against the latest threats. Updates are provided to FortiGates that are registered and that make a request to the FortiGuard network to check whether more recent definitions are available.
Use execute ping <domain.tld> to ensure that DNS can resolve the following FortiGuard servers:
- fds1.fortinet.com
- service.fortiguard.net
- update.fortiguard.net
You also need to ensure the necessary ports are permitted outbound in the event your FortiGate is behind a filtering device. Refer to the Ports and Protocols document for more information.
Using the default certificate for HTTPS administrative access
By default, the FortiGate uses the Fortinet_GUI_Server certificate for HTTPS administrative access. Administrators should download the CA certificate and install it on their PC to avoid warnings in their browser. See Using the default certificate for HTTPS administrative access for more information.