Establishing Core Security Settings
Introduction
The next crucial step after installing the FortiGate firewall is to complete the fundamental setup that provides secure connectivity and lays the groundwork for more sophisticated functionality. The device can effectively manage traffic, safeguard internal resources, and offer visibility into network activity if it is configured correctly from the start.
During this stage, I concentrated on setting up fundamental configurations, including user access controls, firewall policies, network interfaces, and routing. By establishing a foundation for safe internet access, traffic filtering, and system monitoring, these setups made it possible to later deploy more sophisticated security features like intrusion prevention, web filtering, and VPNs.
Objective
I concentrated on creating firewall policies, interface assignments, routing, and basic access settings on Day 2. By establishing a baseline for traffic filtering, monitoring, and safe internet access, these actions prepared the ground for the later implementation of more sophisticated security services like VPNs, intrusion prevention (IPS), and web filtering.
Enter the default Login credentials
Login Credentials: Upon first boot, I accessed the FortiGate VM using the default credentials:
Username: admin
Password: (blank, press Enter)
This granted access to the CLI for initial setup.
Port configuration
Identifying FortiGate VM IP Address: To configure the network interfaces, I first located the default IP address assigned to the management port.
The command get system interface physical was used to view available interfaces and their IPs.
Port Configuration
Using CLI, I configured the management and internal interfaces.
    config system interface
        edit port1
            set ip 192.168.1.99/24
            set allowaccess ping http https ssh
        next
        edit port2
            set ip 10.0.0.1/24
        next
    end
Inputting the port configuration script
This ensured the management port was reachable for web-based access, while port 2 connected to the internal LAN.
How to get the gateway IP address
Default gateway configuration
To allow internet connectivity, I set the default route:
    config router static
        edit 1
            set gateway 192.168.1.1
            set device port1
        next
    end
This allowed outbound connections for updates and external communication.
DNS Configuration
I configured DNS servers to allow domain resolution using:
    config system dns
        set primary 8.8.8.8
        set secondary 8.8.4.4
    end
With this, the firewall could resolve domain names and support internet-bound traffic.
Connecting to FortiGate VM GUI
After assigning the management port IP, I accessed the FortiGate Web GUI via a browser:
URL: https://192.168.1.99
The login page loaded successfully, confirming GUI accessibility.
Conclusion
By the end of the second day, the FortiGate VM's baseline configuration was completely operational. Web access to the firewall interface was confirmed, along with the successful configuration of essential elements such as user login, port settings, routing, and DNS. This produced a safe and controllable environment that was ready for further customization and security hardening.
Lessons Learned
- CLI First, GUI Later: While the CLI offers faster and more flexible initial setup, the GUI makes long-term management simpler.
- Gateway & DNS are Critical: The firewall cannot resolve domains or interact externally without the gateway and DNS.
- Best Practices for Access Control: Always limit administrative access to IP addresses and ports that are trusted for administration.
- Structured Setup Flow: Misconfigurations were decreased by adhering to a logical sequence (interfaces → gateway → DNS → GUI).
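To make the access-control lesson checkable, the following Python script is an added example (not part of the original lab notes and not Fortinet code). It parses a `config system interface` block, reports interfaces whose `allowaccess` list includes HTTP or Telnet, which carry the admin session without transport encryption, and suggests the replacement line. The function names `parse_interfaces` and `audit` are hypothetical; the sample input is the interface block from this post.

```python
# Added example: audit 'set allowaccess' lines in a FortiOS interface config.
CLEARTEXT = {"http", "telnet"}  # management protocols without transport encryption

# The interface block from this post, embedded as sample input.
SAMPLE = """\
config system interface
edit port1
set ip 192.168.1.99/24
set allowaccess ping http https ssh
next
edit port2
set ip 10.0.0.1/24
next
end
"""

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            # Enter the interface block, or track a nested block inside it.
            if depth or words[1:] == ["system", "interface"]:
                depth += 1
        elif words[0] == "end":
            depth = max(depth - 1, 0)
        elif depth != 1:
            continue  # line belongs to another block or a nested sub-block
        elif words[0] == "edit" and len(words) > 1:
            current = words[1].strip('"')
            interfaces[current] = {}
        elif words[0] == "set" and current and len(words) > 2:
            interfaces[current][words[1]] = words[2:]
        elif words[0] == "next":
            current = None
    return interfaces

def audit(text):
    """Return (interface, cleartext protocols, suggested line) per finding."""
    findings = []
    for name, settings in parse_interfaces(text).items():
        access = settings.get("allowaccess", [])
        risky = [p for p in access if p in CLEARTEXT]
        if risky:
            kept = [p for p in access if p not in CLEARTEXT]
            findings.append((name, risky, "set allowaccess " + " ".join(kept)))
    return findings
```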