Fortinet - Basic configuration

- connect your notebook to the Fortinet default subnet, 192.168.1.0/24.
The default IP of the Fortinet device is 192.168.1.99
plug the Ethernet cable into port 1
> access the web frontend at https://192.168.1.99/

--------------------------------------------------
Do some basic configuration.
Let us set up the following configuration:
>> port 1: leave it as it is >> 192.168.1.99
>> port 2-3: create a software switch >> 192.168.178.1/24
>> port 4: configure it as "wan" interface

System > Network > Interfaces
>> create new Interface, Type Software Switch
-- Interface Name = 178
-- Physical Interface Members: port2 and port3
-- Addressing mode: Manual, IP/Network Mask: 192.168.178.1/255.255.255.0
-- Administrative Access: HTTPS + PING
-- DHCP Server: Enable, Starting IP: 192.168.178.100, End IP: 192.168.178.200, Netmask: 255.255.255.0, Default Gateway: Same as Interface IP, DNS Server: Same as System DNS

System > Network > Interfaces
>> edit port4 > the wan interface
-- Alias: wan
-- Addressing mode: DHCP
-- Retrieve default gateway from server: yes
-- Administrative Access: HTTPS PING SSH SNMP
-- [ port4 will be connected to the default gateway, in my case a fritzbox; with these settings the management services are reachable from that network ]

System > Config > SNMP
-- create an SNMPv1/v2c community name to monitor the box using a tool like checkmk

Now let's create some policy rules under: Policy & Objects > Policy > IPv4
-- let's make some simple rules so that no addresses in the wan subnet can be accessed, except the router (fritz.box)
-- 1: source=all, destination=192.168.2.1, always, service=HTTPS, deny
-- 2: source=all, destination=192.168.2.1, always, service=ALL, accept, NAT=enable
-- 3: source=all, destination=192.168.2.0/25, always, service=ALL, deny
-- 4: source=all, destination=all, always, service=ALL, accept, NAT=enable
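
Added example (not part of the original note and not Fortinet code): a small Python model of rules 1-4, evaluated top to bottom with the first match winning, to check what the rule order and rule 3's 192.168.2.0/25 actually cover. It ignores interfaces and NAT, and the /24 used for the fritzbox network is an assumption.

```python
import ipaddress

# Rules 1-4 as listed above (source=all and schedule=always in every rule).
# A service is a set of (protocol, port) pairs; None stands for service=ALL.
HTTPS = {("tcp", 443)}
POLICY = [
    (1, "192.168.2.1/32", HTTPS, "deny"),
    (2, "192.168.2.1/32", None, "accept"),
    (3, "192.168.2.0/25", None, "deny"),
    (4, "0.0.0.0/0", None, "accept"),
]


def evaluate(dst_ip, proto, port):
    """Return (rule_id, action) of the first rule that matches, top to bottom."""
    dst = ipaddress.ip_address(dst_ip)
    for rule_id, dst_net, services, action in POLICY:
        if dst not in ipaddress.ip_network(dst_net):
            continue
        if services is not None and (proto, port) not in services:
            continue
        return rule_id, action
    return 0, "deny"  # nothing matched: implicit deny


def accepted_by_last_rule(subnet, proto="tcp", port=80):
    """Hosts of `subnet` that no deny rule covers and that rule 4 lets through."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(str(h), proto, port) == (4, "accept")]


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real device.
    for pkt in [("192.168.2.1", "tcp", 443), ("192.168.2.1", "udp", 53),
                ("192.168.2.50", "tcp", 80), ("192.168.2.200", "tcp", 80),
                ("8.8.8.8", "tcp", 443)]:
        print(pkt, "->", evaluate(*pkt))
    # Assumption: the fritzbox LAN is 192.168.2.0/24 (the page does not say).
    open_hosts = accepted_by_last_rule("192.168.2.0/24")
    print(len(open_hosts), "hosts reach rule 4:", open_hosts[0], "-", open_hosts[-1])
```

If the network behind port4 is a /24, the addresses 192.168.2.128 to 192.168.2.254 are not covered by rule 3 and are accepted by rule 4.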

computer2know :: thank you for your visit :: have a nice day :: © 2024