How to Setup FortiGate Firewall To Access The Internet



11 image



In this case NAT/Route mode is used which allows FortiGate to hide the IP addresses of the private network using network address translation (NAT).

Forti setup tech water.jpg

Login to the FortiGate’s web-based manager

forti login screen

Configure the internal and WAN interfaces

Go to system –> Network –> Interfaces

Configure the WAN interface


Configure the internal interface

In this case DHCP is enabled

5 Internal ip

In the MAC Address Access Control List assign the mac address and IP address of the administrator PC

6 internal more

Review the Configuration

7 interface list.JPG


Configure default route at 

Router –> Static –> Static Routes

Set the Destination IP/Mask to, the Device to the Internet-facing interface, and the Gateway to the gateway (or default route) provided by your ISP or to the next hop router, depending on your network requirements.

8 routing

Review configuration

9 routing review

Configure DNS Setting

you can keep the default if you want to



Configure Policies

Two policies are created in this scenario

  1. General policy – restricted internet access
  2. Administrator PC policy – unrestricted internet access can be given

General Policy

Only HTTP, HTTPS, DNS services are allowed

11 policy top

Enable NAT and session logging

12 policy NAT


Administrator PC policy

Firstly you have to create a new address for admin PC at Firewall Objects –> Address

appropriate subnet number and the interface is configured

13 admin pc.JPG

Review created address

13 Admin PC address.JPG

Then create the policy for admin PC. All the services are allowed in this case

12 admin policy.JPG


Test the policy configuration by accessing internet using the admin PC and another PC in the network. Monitor the counter changes in policies

14 counter.JPG










How to Reset a FortiGate Firewall to Factory Default Settings


How to Reset Fortigate Firewall
Credits: GoPro

Please note that the device used in this tutorial is not connected to any production environment.

Firstly connect the cables properly. Refer this video

Cables used to connect to the console port and PC



Find the COM port first (this is the device manager in Win8.1)

In my case, I had to install the drivers for usb2.0-ser. [Download Drivers at:]

1 COM port in device manager

Connect using PuTTY

[Download PuTTY at: ]

2 putty com3 port

Press Enter

3 terminal

If needed reboot the device (sometimes needed). Just give a power reset

4 after reboot

Enter maintainer as the username. For the password bcpb + the serial number of the firewall (letters of the serial number are in UPPERCASE format)

6 enter maintainer and password

enter exec factoryreset and press Y

7 reset or not

8 reseting

CONGRATULATIONS…!!  FortiGate Firewall is restored to the factory defaults configurations. Now you can login through preferred medium. In this case web browser is used.

Use following ip address to connect



Name: admin
password: (keep blank)


forti login screen

Welcome to Fortinet interface


What do you possess?

Constructive criticism? Thoughtful comment? Derogatory remarks? Contradictory tutorials?

Please don’t be shy to contribute and be part of this wonderful journey. Remember always the adage “knowledge is ammunition”.