Fortigate Firewall
What is Fortigate?
Fortinet FortiGate is a next-generation firewall (NGFW) that provides a comprehensive range of security services to protect networks from a wide range of threats. It combines traditional firewalling capabilities with deep packet inspection (DPI), intrusion prevention system (IPS), web filtering, and other security features to provide a holistic approach to network security.
Deployment Topology
Here’s the IP Address mapping topology for this deployment
Preparing the Installer
First, sign up for an account on Forti Support, then go to VM Downloads.
The download contains several versions to choose from; here is how they map to the ESXi environment:
|-----------------------------------------+-------------------------------------------|
| Template                                | Compatible with                           |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.ovf                      | ESXi 8.0(Hardware Version 20) or later    |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.hw13.ovf                 | ESXi 6.5(Hardware Version 13) or later    |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.hw15.ovf                 | ESXi 6.7U2+(Hardware Version 15) or later |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.hw17.ovf                 | ESXi 7.0(Hardware Version 17) or later    |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.vapp.ovf                 | ESXi 8.0(Hardware Version 20) or later    |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64.nsxt.ovf                 | ESXi 6.7U2+(Hardware Version 15) or later |
|-----------------------------------------+-------------------------------------------|
| FortiGate-VM64-ZNTA.vapp.ovf            | ESXi 7.0(Hardware Version 17) or later    |
|-----------------------------------------+-------------------------------------------|
Deploy the OVF on ESXi as usual, then boot it.
Connect through the console; the default credentials are admin with no password (blank).
Check the IP address obtained from DHCP with “diagnose ip address list”, and make sure the VM can reach the internet for license activation.
Fortigate GUI Initial Configuration
Now open the obtained IP address in a web browser.
Select the evaluation license and enter the account created earlier.
After it reboots, it will enter the setup.
The installation is now complete, and the FortiGate is up and running.
Configuring Network Interfaces
Go to Network » Interfaces and change the IP addresses to follow the topology.
Now that the DHCP-obtained IP address has been replaced with a static one, give it a default gateway under Network » Static Route.
Now let's try accessing the Inside interface (61.0.0.1) from a Linux host (61.0.0.141).
Configuring Firewall Policy to Enable Internet Access
For the Linux host to access the internet, its IP address needs to be translated to the FortiGate's Outside IP address.
Go to Policy & Objects » Firewall Policy and select Create New.
Don't forget to log all sessions so that the traffic shows up in the reports.
Now let's try accessing the internet from the Linux host.
Under Log & Report » Forward Traffic, we can also see the traffic from the Linux host going to the internet.
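To check from a configuration backup that the outbound policy created above really has NAT and all-session logging enabled, the following added example (not part of the original walkthrough) parses text in the layout of `show firewall policy` and flags accept policies towards the Outside interface that lack either setting. The port1 (Outside) / port2 (Inside) mapping, the policy names and IDs, and the sample text are constructed assumptions; options missing from the output are treated as the FortiOS defaults (`nat disable`, `logtraffic utm`).

```python
# Constructed `show firewall policy` sample; names, IDs and port mapping assumed.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "Inside-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 2
        set name "Lab-No-NAT-No-Log"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: value}} for the firewall policy table."""
    policies, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):  # count nested config blocks too
            depth += 1 if (depth or line == "config firewall policy") else 0
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif depth == 1 and current is not None and line.startswith("set "):
            _, key, value = line.split(None, 2)
            current[key] = value.replace('"', "")
    return policies

def audit_outbound(policies, outside_if):
    """Flag accept policies to outside_if lacking NAT or log-all (absent = default)."""
    findings = []
    for pid, opts in sorted(policies.items()):
        if opts.get("action") != "accept" or opts.get("dstintf") != outside_if:
            continue
        if opts.get("nat", "disable") != "enable":
            findings.append((pid, "nat"))
        if opts.get("logtraffic", "utm") != "all":
            findings.append((pid, "logtraffic"))
    return findings

if __name__ == "__main__":
    print(audit_outbound(parse_policies(SAMPLE_CONFIG), "port1"))
```

A policy flagged for `logtraffic` will pass traffic but will not show every session under Log & Report » Forward Traffic.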