Defining Connections for Secure Communication
Introduction
To regulate the flow of data between network segments, a FortiGate firewall depends on correctly configured interfaces. Interface setup has a direct impact on security and performance, since interfaces serve as the connection points for management, external, and internal traffic. When they are set up properly, communication between devices stays safe, dependable, and in line with the original network design.
I concentrated on establishing the internal network configuration during this phase by giving interfaces IP addresses, dividing traffic, and implementing security zones. This created a safe framework for network communication, made it possible for detailed policy control, and clearly distinguished between internal and external resources.
Objective
On Day 4, I focused on establishing the internal network configuration by assigning IP addresses, disabling unnecessary DHCP services, and creating secure communication zones. This setup allowed clear segmentation of resources, reliable connectivity testing, and groundwork for traffic control policies.
FortiGate Firewall Dashboard Overview
Once logged into the GUI, the dashboard overview provided visibility into the existing configuration and available interfaces.
Configuring additional interfaces
I added a second network adapter to the FortiGate VM through the virtualization platform.
In the FortiGate GUI, navigated to:
Network → Interfaces → Create New
Created and named the new interface (port2), then assigned it to the internal network segment.
→ Adding a new Network → Creating a new network interface
→ Disabling the DHCP
Disabled the DHCP service on the internal interface to maintain manual IP control and avoid conflicts. This ensured that IP assignment would remain consistent and predictable across devices.
Power On the VM
Turn on the VM to see if the firewall has assigned an IP to the VM → Ping, to check the connectivity of the two devices
Access the firewall GUI from the web browser
Dashboard Overview
This confirmed correct routing and access through the second network interface.
Setting up the network interface for port 2 on the firewall
This was the second network adapter I configured on the VM. I need to set it up here on the firewall as well, with the IP address
Editing Interface Settings
Edited port2 properties to fine-tune roles and services:
Allowed access: HTTPS, PING, SSH (restricted to internal use). Assigned descriptive alias: Internal LAN.
Ping, to check the connectivity of the two devices
These tests verified that internal devices could reach the firewall and that routing was correctly established.
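The intended state of port2 described above (static addressing, DHCP off, only HTTPS, PING and SSH allowed) can be checked against a saved configuration. The script below is an added example, not part of the original post: the sample text is constructed in the layout of FortiOS `show` output, the address is a documentation placeholder, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in FortiOS `show` layout; 192.0.2.1 is a placeholder address.
SAMPLE = '''\
config system interface
    edit "port2"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh telnet
        set alias "Internal LAN"
    next
end
config system dhcp server
    edit 1
        set interface "port2"
    next
end
'''
ALLOWED = {"https", "ping", "ssh"}  # access list the post sets on port2

def parse(text):
    """Return {section: {entry: {key: [values]}}}; nested blocks are skipped."""
    cfg, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = cfg.setdefault(section, {}).setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(text, iface="port2"):
    """List deviations from the post's intended state for one interface."""
    cfg, findings = parse(text), []
    port = cfg.get("system interface", {}).get(iface, {})
    extra = set(port.get("allowaccess", [])) - ALLOWED
    if extra:
        findings.append("unexpected allowaccess: " + ",".join(sorted(extra)))
    if port.get("mode", ["static"]) != ["static"]:  # `show` omits the static default
        findings.append("addressing mode is not static")
    for eid, srv in cfg.get("system dhcp server", {}).items():
        if srv.get("interface") == [iface] and srv.get("status") != ["disable"]:
            findings.append(f"DHCP server {eid} enabled on {iface}")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the extra `telnet` service and the DHCP server still bound to port2; a configuration that matches the post returns an empty list.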
Traffic shaping & interface roles
Defined the roles of the two network interfaces:
Port1 (Administrative/External): Management + Internet-facing.
Port2 (Internal): LAN connectivity and internal device protection.
Implemented basic traffic shaping policies to ensure fair resource usage across the two interfaces.
Traffic Shaping → The two network interfaces: The administrative Network interface, the Internal Network interface
Conclusion
The successful configuration of internal interfaces and network segmentation marked the end of day four. I created a safe and dependable internal network foundation by designating responsibilities for every interface, turning off DHCP, and allocating static IPs. These setups made seamless communication, policy-based management, and the eventual expansion into more complex firewall rules possible.
Lessons Learned
- Security through Segmentation: By keeping internal traffic and management apart, the attack surface is decreased.
- Manual IP Control: By turning off DHCP on the firewall, lab setups can avoid unforeseen problems.
- Connectivity Verification: Routing and access may be verified with ease using basic ping tests.
- Interface Roles: Creating security policies is made easier with a clear division between internal and external roles.