FortiOS 6.0 Getting Started: Installing a FortiGate in NAT mode

Source: Internet
Author: User
Keywords FortiOS 6.0 Getting Started
Tags install getting started forticloud fortios fortios 6.0

In NAT mode, you install a FortiGate as a gateway, or router, between two networks. Typically, you set the FortiGate up between a private network and the Internet, which allows the FortiGate to hide the IP addresses of the private network using NAT.

NAT mode is the most commonly used operating mode for a FortiGate.

1. Connecting the network devices and logging in to the FortiGate

Connect the FortiGate to your ISP-supplied equipment using the Internet-facing interface. This is typically WAN or WAN1, depending on your model.

Connect a PC to the FortiGate, using an internal port (in the example, port 3).

Power on the ISP equipment, the FortiGate, and the PC on the internal network.

Use the PC to connect to the FortiGate GUI using either FortiExplorer or an Internet browser. For more information about connecting to the GUI, see the QuickStart Guide for you FortiGate model.

Log in using an admin account. The default admin account has the username admin and no password.

2. Configuring the FortiGate interfaces

To edit the Internet-facing interface (in the example, wan1), go to Network > Interfaces.

Set the Estimated Bandwidth for the interface based on your Internet connection.

Set Role to WAN.

To determine which Addressing mode to use, check if your ISP provides an IP address for you to use or if the ISP equipment uses DHCP to assign IP addresses.

If your ISP provides an IP address, set Addressing mode to Manual and set the IP/Network Mask to that IP address.

If your ISP equipment uses DHCP, set Addressing mode to DHCP to allow the equipment to assign an IP address to WAN1.

Edit the lan interface, which is called internal on some FortiGate models.* 

Set Role to LAN. 

Set Addressing mode to Manual and set the IP/Network Mask to the private IP address that you want to use for the FortiGate.

If you need to assign IP addresses to devices on your internal network, enable DHCP Server.

3. Adding a default route

To create a new default route, go to Network > Static Routes. Typically, you have only one default route. If the static route list already contains a default route, you can edit it, or delete the route and add a new one.

Set Destination to Subnet* and leave the destination IP address set to 0.0.0.0/0.0.0.0.*

Set Gateway to the IP address provided by your ISP and Interface to the Internet-facing interface.

4. Setting the FortiGate DNS servers (optional)

The FortiGate DNS settings are configured to use FortiGuard DNS servers by default, which is sufficient for most networks.

If you need to change the DNS servers, go to Network > DNS, select Specify, and add Primary and Secondary servers.

5. Creating a policy to allow traffic from the internal network to the Internet*

To create a new policy, go to Policy & Objects > IPv4 Policy. Give the policy a Name that indicates that the policy will be for traffic to the Internet (in the example, Internet).

Set the Incoming Interface to lan and the Outgoing Interface to wan1. Set Source, Destination Address, Schedule, and Services, as required.

Ensure the Action is set to ACCEPT.

Turn on NAT and select Use Outgoing Interface Address.

Scroll down to view the Logging Options. To view the results later, enable Log Allowed Traffic and select All Sessions.

6. Results

Browse the Internet using the PC on the internal network.

If you can’t connect to the Internet, see FortiGate installation troubleshooting.

To view information about FortiGate traffic, go to FortiView > Traffic from LAN/DMZ > Sources. The PC appears on the list of sources.

To view more detailed information about the traffic from the PC, right-click the entry for the PC and select Drill Down to Details.

If your FortiGate model has internal storage and disk logging enabled, a drop-down menu in the top corner allows you to view historical logging information for the previous 5 minutes, 1 hour, and 24 hours.

If you’re not sure whether your model supports disk logging, check the FortiGate Feature/Platform Matrix.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.