Fortigate personal insights and initial configuration overview

Fortinet is a global leader in the network security industry, and FortiGate is the company's flagship product. FortiGate has powerful networking and security functions and serves tens of thousands of customers around the world. Its product models also cover the widest range in the industry, from tens of megabits to hundreds of gigabits of throughput, which can meet the needs of users of all sizes. For large enterprises and carrier customers, IT staff are capable and have plenty of resources, so configuring the equipment is easy. But for small and medium-sized enterprises, the operation and maintenance capabilities of IT staff may not be so strong.

The above quote is from the quick configuration page of the FortiGate Chinese website. I have worked with firewalls for nearly 10 years, across dozens of firewall brands at home and abroad (for work reasons, mainly FortiGate and Palo Alto). From a technical point of view, I personally think FortiGate is a product that can be recommended in almost any scenario, especially for daily operation and maintenance. The advantages of FortiGate include, but are not limited to:

  • Full next-generation firewall functionality
  • A friendly WebUI with a localized interface, even friendlier than domestic firewalls
  • Clear and easy-to-understand configuration logic, in both the WebUI and the CLI
  • A lightweight system: an OS image of only tens of MB, so upgrades and restarts are fast, a great advantage over firewalls with multi-GB OS images and startup times of ten minutes or more
  • An open ecosystem and strong compatibility
  • High cost-effectiveness: the FortiGate 30E I currently use at home costs only a few hundred yuan

In addition to the above advantages, configuration is simple because the official Chinese configuration "all-in-one" guide covers more than 95% of configuration scenarios and troubleshooting, something that is almost impossible to find for any other foreign-brand firewall:

FortiGate product implementation Chinese all-in-one guide

Because most failure scenarios are already covered in that book, in my personal blog I only record the uncommon failure points or problems I encountered that do not appear in it, as a record.

Finally, I would like to briefly share the most common scenario: configuring internet access. Taking my FortiGate 30E with PPPoE as an example, the main configuration steps and precautions are as follows:

Internal and external network interface configuration

Configure the PPPoE dial-up account and password on the external (WAN) interface. A digression here: most home broadband today dials up from the optical modem by default, so the router's WAN port only receives a private address from the modem (and in most home scenarios no separate exit router is needed at all). You can ask the operator to move the dial-up down to your own router so that the FortiGate holds the public address.

For the intranet, configure the interface address and DHCP as usual.

Routing configuration

In a PPPoE environment FortiGate does not actually need a manually configured static route: once the dial-up succeeds, the system installs the default route itself. In a static public IP environment the default route must be configured manually, with destination 0.0.0.0/0 pointing to the public network gateway.

In addition, remember to configure the return route toward the Layer 3 switch, so that traffic for the internal subnets behind it is routed back correctly.

NAT and security policy configuration

In standard firewall logic, NAT and the security policy are configured in two separate steps; FortiGate places both in a single policy page. Remember to enable NAT on the policy, after which hosts can access the internet normally.

Other configuration

DNS: unless there is an issue with Fortinet's FortiDNS or FortiGuard updates, it is generally recommended to replace the default servers with local DNS.

Basic settings: it is recommended to customize the basic configuration, including the host name, time zone and time, a custom HTTPS admin port, language and theme, and so on.
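The WebUI steps above, expressed as one FortiOS CLI script. This is an added example, not configuration taken from the original post or from Fortinet documentation; it assumes the FortiGate 30E port names "wan" and "lan", a LAN subnet of 192.168.10.0/24, a Layer 3 switch at 192.168.10.2 fronting 10.0.0.0/8, and FortiOS 6.x/7.0 command syntax. The PPPoE credentials and the static-IP gateway are placeholders, and the DNS servers are example values to be replaced with your own local resolvers.

```fortios
# Added example, not from the original post. Assumptions: ports "wan"/"lan" (FG-30E),
# LAN 192.168.10.0/24, Layer 3 switch 192.168.10.2 fronting 10.0.0.0/8, FortiOS 6.x/7.0 syntax.

# 1. WAN: PPPoE dial-up. "defaultgw enable" lets the PPPoE session install the default
#    route itself, so no manual static route is needed in this case.
config system interface
    edit "wan"
        set mode pppoe
        set username "PPPOE_USERNAME_PLACEHOLDER"
        set password "PPPOE_PASSWORD_PLACEHOLDER"
        set defaultgw enable
        set allowaccess ping
        set role wan
    next
    # LAN: static address; management access only from the inside
    edit "lan"
        set mode static
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end

# 2. DHCP on the LAN; clients get the FortiGate as gateway and its configured DNS servers
config system dhcp server
    edit 1
        set interface "lan"
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.10.100
                set end-ip 192.168.10.200
            next
        end
    next
end

# 3. Routing. Entry 1 applies only to a static public IP (skip it on PPPoE, where the
#    dial-up supplies the default route). Entry 2 is the return route toward the Layer 3
#    switch, so replies destined for its downstream subnets are not dropped.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan"
    next
    edit 2
        set dst 10.0.0.0 255.0.0.0
        set gateway 192.168.10.2
        set device "lan"
    next
end

# 4. One policy does both jobs: permit LAN -> WAN and source-NAT behind the WAN address.
#    Without "set nat enable" packets leave with private source addresses and replies never return.
config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# 5. Replace the FortiGuard DNS defaults with local resolvers (example values)
config system dns
    set primary 223.5.5.5
    set secondary 119.29.29.29
end

# 6. Basic settings: hostname, time zone, non-default HTTPS admin port, language, theme.
#    Time zone is a numeric index on 6.x/7.0 (55 = GMT+8 Beijing); 7.4+ uses IANA names instead.
config system global
    set hostname "FGT-HOME"
    set timezone 55
    set admin-sport 8443
    set language simch
    set gui-theme jade
end
config system ntp
    set ntpsync enable
end

# Verification: confirm the default and return routes exist, then test egress
get router info routing-table all
execute ping www.fortinet.com
diagnose sniffer packet wan 'icmp' 4 5
```

After applying the script, the routing table should show the PPPoE default route on "wan" and the 10.0.0.0/8 entry via 192.168.10.2; the sniffer line confirms that ICMP leaving "wan" carries the public (NATed) source address rather than a 192.168.10.x one.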


Origin blog.csdn.net/sjj222sjj/article/details/121748253