Chapter 2 – Getting Started
- Installation discusses installing a FortiGate in your network.
- Using the GUI describes how to use the graphical user interface (GUI).
- A Guide to Using the Entry Level Models introduces you to FortiGate models 30-90, also known as the Entry Level models.
- Basic Administration explains basic tasks that should be done to set-up a new FortiGate.
- Resources lists resources available to help you with more advanced FortiGate configurations.
Differences between Models
You should know that there are two key differences between different FortiGate models.
Features
Certain features are not available on all models. Additionally, a particular feature may be available only through the CLI on some models, while that same feature may be viewed in the GUI on other models.
If you believe your FortiGate model supports a feature that does not appear in the GUI, go to System > Feature
Select and confirm that the feature is turned on. For more information, see Feature Select on page 205. For more information about features that vary by model, please see the Feature/Platform Matrix.
Names
Naming conventions may vary between FortiGate models. For example, on some models the hardware switch interface used for the local area network is called lan, while on other units it is called internal.
Installation
This section discusses how to install your FortiGate and use it in your network, after completion of the initial set- up outlined in the FortiGate model’s QuickStart Guide. The section also provides troubleshooting tips.
The following topics are included in this section:
- NAT/Route Mode vs. Transparent Mode
- Setup Wizard
- Installing a FortiGate in NAT/Route mode
- Using a Virtual Wire Pair
- Troubleshooting your FortiGate Installation
NAT/Route Mode vs. Transparent Mode
A FortiGate can operate in one of two modes: NAT/Route or Transparent.
NAT/Route mode is the most common operating mode. In this mode, a FortiGate is installed as a gateway or router between two networks. In most cases, it is used between a private network and the Internet. This allows the FortiGate to hide the IP addresses of the private network using network address translation (NAT). NAT/Route mode is also used when two or more Internet service providers (ISPs) will be used to provide the FortiGate with redundant Internet connections.
A FortiGate in Transparent mode is installed between the internal network and the router. In this mode, the FortiGate does not make any changes to IP addresses and only applies security scanning to traffic. When a FortiGate is added to a network in Transparent mode, no network changes are required, except to provide the FortiGate with a management IP address. Transparent mode is used primarily when there is a need to increase network protection but changing the configuration of the network itself is impractical.
For more information about Transparent Mode, see the Transparent Mode handbook available at the Fortinet Document Library.
Setup Wizard
The Setup Wizard helps to quickly configure your FortiGate to allow Internet access and remote access. The wizard can be launched from the GUI by selecting the button, located in the top right corner. You can also get to the SetupWizard through FortiExplorer for either Windows or Mac OS. FortiExplorer can be downloaded at www.fortinet.com.
Using the Setup Wizard
The Setup Wizard is intended to be used for initial setup. If it is used on a previously configured FortiGate, it replaces parts of the configuration, including existing firewall policies.
1. Connect to the FortiGate using FortiExplorer. It is recommended to view FortiExplorer in fullscreen mode because some options may not be visible otherwise.
2. Select your FortiGate, then select Setup Wizard.
3. Login using an admin account (the default admin account has the username admin and no password).
4. Select Change Password to set a new password for the admin account. Select Next.
5. Select the appropriate time zone. Select Next.
6. Fill in the appropriate information about your Internet WAN Connection. Select Next.
7. Enter an IP Address and Netmask for your LAN. If necessary, enable DHCP and select a Start and End
Address. Select Next.
8. Select the schedule for when Internet access should be allowed. Select Next.
9. Select the appropriate options for your Internet Access Policy, including NAT options and Unified Threat
Management. Select Next.
10. If necessary, configure options to allow Remote VPN Access using either an SSL VPN or an IPsec VPN. Select
Next.
11. A summary screen will appear. If the configuration shown is correct, select Configure.
12. (Optional) If you wish to activate a FortiCloud account, select Next and enter your information (for more information about FortiCloud, see the FortiCloud FAQ). Otherwise, select Done.
Results
Your configuration has now been set up on the FortiGate, allowing users on the LAN to have Internet access.