# Fortinet

# FortiGates

Firewall setup guides

# FortiGate 60F Setup Guide (Basic Home Network Setup)

This guide will help you configure your FortiGate 60F with the following features:

- **Three VLANs**: Home, Guest, and IoT
- **Firewall Rules**: Optimized for streaming and gaming
- **Traffic Prioritization**: Using Quality of Service (QoS)

### Prerequisites

1. **FortiGate 60F**: Ensure your FortiGate device is powered on and connected to your network.
2. **Access to FortiGate Management Interface**: Use a web browser to access the FortiGate interface at `http://<FortiGate-IP>`.
3. **Basic Network Setup**: Have an existing internet connection and basic knowledge of network configurations.

### Step-by-Step Setup

#### Step 1: Access FortiGate Management Interface

1. **Open a web browser** and navigate to the FortiGate's IP address.
2. **Log in** using your admin credentials. The default username is `admin`, and there is no password initially (change this immediately for security).

#### Step 2: Configure VLANs

1. **Navigate to**: `Network > Interfaces`.
2. **Create VLANs** for Home, Guest, and IoT.

**Home VLAN**

- **Interface Name**: VLAN\_Home
- **VLAN ID**: 10
- **Interface**: Select the physical interface (e.g., `port1`) to assign the VLAN.
- **IP/Netmask**: `192.168.10.1/24`

**Guest VLAN**

- **Interface Name**: VLAN\_Guest
- **VLAN ID**: 20
- **Interface**: Select the physical interface (e.g., `port1`) to assign the VLAN.
- **IP/Netmask**: `192.168.20.1/24`

**IoT VLAN**

- **Interface Name**: VLAN\_IoT
- **VLAN ID**: 30
- **Interface**: Select the physical interface (e.g., `port1`) to assign the VLAN.
- **IP/Netmask**: `192.168.30.1/24`

#### Step 3: Configure DHCP for Each VLAN

1. **Navigate to**: `Network > DHCP Servers`.
2. **Create DHCP servers** for each VLAN.

**Home VLAN DHCP**

- **Interface**: VLAN\_Home
- **IP Range**: `192.168.10.2 to 192.168.10.100`

**Guest VLAN DHCP**

- **Interface**: VLAN\_Guest
- **IP Range**: `192.168.20.2 to 192.168.20.100`

**IoT VLAN DHCP**

- **Interface**: VLAN\_IoT
- **IP Range**: `192.168.30.2 to 192.168.30.100`

#### Step 4: Configure Security Policies

1. **Navigate to**: `Policy & Objects > IPv4 Policy`.
2. **Create policies** to manage traffic between zones.

**Allow Traffic from Home to Internet**

- **Name**: Allow\_Home\_to\_Internet
- **Incoming Interface**: VLAN\_Home
- **Outgoing Interface**: WAN
- **Source**: All
- **Destination**: All
- **Action**: Accept

**Allow Traffic from Guest to Internet**

- **Name**: Allow\_Guest\_to\_Internet
- **Incoming Interface**: VLAN\_Guest
- **Outgoing Interface**: WAN
- **Source**: All
- **Destination**: All
- **Action**: Accept

**Allow Traffic from IoT to Internet**

- **Name**: Allow\_IoT\_to\_Internet
- **Incoming Interface**: VLAN\_IoT
- **Outgoing Interface**: WAN
- **Source**: All
- **Destination**: All
- **Action**: Accept

**Deny Traffic Between VLANs**

- **Name**: Deny\_InterVLAN
- **Incoming Interface**: VLAN\_Home, VLAN\_Guest, VLAN\_IoT
- **Outgoing Interface**: VLAN\_Home, VLAN\_Guest, VLAN\_IoT
- **Source**: All
- **Destination**: All
- **Action**: Deny

#### Step 5: Configure Traffic Prioritization (QoS)

1. **Navigate to**: `Policy & Objects > Traffic Shapers`.
2. **Create traffic shapers** to prioritize gaming and streaming traffic.

**Create Traffic Shapers for Gaming and Streaming**

- **Name**: Priority\_Gaming
    - **Priority**: High
    - **Traffic Type**: Custom
    - **Bandwidth**: Define based on gaming traffic requirements
- **Name**: Priority\_Streaming
    - **Priority**: Medium
    - **Traffic Type**: Custom
    - **Bandwidth**: Define based on streaming traffic requirements

3. **Apply Traffic Shapers** to the relevant policies by editing the policies and assigning the appropriate traffic shaper.

#### Step 6: Test Configuration

1. **Verify device connectivity** on each VLAN.
2. **Test internet access** from each VLAN to ensure policies are correctly applied.
3. **Monitor traffic** to ensure streaming and gaming traffic are prioritized as expected.

### Additional Tips

- **Secure Access**: Change the default admin password and enable HTTPS access only.
- **Regular Backups**: Back up your configuration regularly to prevent data loss.
- **Firmware Updates**: Keep your FortiGate firmware updated for the latest features and security patches.

# FortiGate 60F Setup Guide with SD-WAN for Multiple WAN Connections

This guide will help you configure your FortiGate 60F with the following features:

- **Introduction to SD-WAN**
- **Three WAN Connections**: Fiber (Primary), 5G, and Starlink
- **SD-WAN Configuration**: For load balancing and redundancy
- **Three VLANs**: Home, Guest, and IoT
- **Firewall Rules**: Optimized for streaming and gaming
- **Traffic Prioritization**: Using Quality of Service (QoS)

---

### **Prerequisites**

- **FortiGate 60F**: Ensure your FortiGate device is powered on and connected to your network.
- **Access to FortiGate Management Interface**: Use a web browser to access the FortiGate interface at `https://<FortiGate-IP>`.
- **WAN Connections**: Have your Fiber, 5G, and Starlink connections physically connected to the FortiGate.
- **Basic Network Knowledge**: Familiarity with network configurations and terms.

---

### **Step-by-Step Setup**

#### **Step 1: Access FortiGate Management Interface**

1. Open a web browser and navigate to the FortiGate's IP address.
2. Log in using your admin credentials. 
    - **Default Username**: `admin`
    - **Default Password**: *(Leave blank initially; change immediately for security)*

#### **Step 2: Configure WAN Interfaces**

Navigate to **Network > Interfaces** to configure your WAN connections.

**Configure Fiber Connection (Primary)**

- **Interface Name**: `WAN_Fiber`
- **Physical Interface**: e.g., `port2`
- **Role**: `WAN`
- **Addressing Mode**: Configure according to your ISP (e.g., DHCP, Static, PPPoE)
- **Distance**: `5` *(Lower distance gives higher priority in routing)*

**Configure 5G Connection**

- **Interface Name**: `WAN_5G`
- **Physical Interface**: e.g., `port3`
- **Role**: `WAN`
- **Addressing Mode**: Configure according to your ISP
- **Distance**: `10`

**Configure Starlink Connection**

- **Interface Name**: `WAN_Starlink`
- **Physical Interface**: e.g., `port4`
- **Role**: `WAN`
- **Addressing Mode**: Configure according to your ISP
- **Distance**: `15`

#### **Step 3: Configure SD-WAN**

Navigate to **Network > SD-WAN** to set up load balancing and failover.

**Add Member Interfaces**

1. Click **Create New** to add WAN interfaces to SD-WAN.
2. **Add WAN\_Fiber**
    - **Interface**: `WAN_Fiber`
    - **Weight**: `0`
    - **Priority**: `1`
3. **Add WAN\_5G**
    - **Interface**: `WAN_5G`
    - **Weight**: `0`
    - **Priority**: `2`
4. **Add WAN\_Starlink**
    - **Interface**: `WAN_Starlink`
    - **Weight**: `0`
    - **Priority**: `3`

**Configure SD-WAN Rules**

1. Go to the **SD-WAN Rules** tab.
2. Click **Create New**. 
    - **Name**: `Default_Rule`
    - **Incoming Interfaces**: `VLAN_Home`, `VLAN_Guest`, `VLAN_IoT`
    - **Source**: `All`
    - **Destination**: `All`
    - **Service**: `All`
    - **Outgoing Interfaces**: `Best Quality (SLA)` or `Manual (choose preferred interfaces)`
3. **Set Interface Preference**
    - **Preferred Interfaces**: `WAN_Fiber`, `WAN_5G`, `WAN_Starlink`
    - **Load Balancing Algorithm**: `Manual`

#### **Step 4: Configure VLANs**

Navigate to **Network > Interfaces** to set up VLANs.

**Home VLAN**

- **Interface Name**: `VLAN_Home`
- **VLAN ID**: `10`
- **Interface**: Physical interface connected to your switch (e.g., `port1`)
- **IP/Netmask**: `192.168.10.1/24`

**Guest VLAN**

- **Interface Name**: `VLAN_Guest`
- **VLAN ID**: `20`
- **Interface**: `port1`
- **IP/Netmask**: `192.168.20.1/24`

**IoT VLAN**

- **Interface Name**: `VLAN_IoT`
- **VLAN ID**: `30`
- **Interface**: `port1`
- **IP/Netmask**: `192.168.30.1/24`

#### **Step 5: Configure DHCP for Each VLAN**

Navigate to **Network > DHCP Servers**.

**Home VLAN DHCP**

- **Interface**: `VLAN_Home`
- **IP Range**: `192.168.10.2` to `192.168.10.100`

**Guest VLAN DHCP**

- **Interface**: `VLAN_Guest`
- **IP Range**: `192.168.20.2` to `192.168.20.100`

**IoT VLAN DHCP**

- **Interface**: `VLAN_IoT`
- **IP Range**: `192.168.30.2` to `192.168.30.100`

#### **Step 6: Configure Security Policies**

Navigate to **Policy & Objects > Firewall Policy**.

**Allow Traffic from VLANs to SD-WAN**

1. **Home VLAN to Internet**
    - **Name**: `Allow_Home_to_Internet`
    - **Incoming Interface**: `VLAN_Home`
    - **Outgoing Interface**: `SD-WAN`
    - **Source**: `All`
    - **Destination**: `All`
    - **Service**: `All`
    - **Action**: `Accept`
    - **NAT**: Enable
2. **Guest VLAN to Internet**
    - **Name**: `Allow_Guest_to_Internet`
    - **Incoming Interface**: `VLAN_Guest`
    - **Outgoing Interface**: `SD-WAN`
    - **Source**: `All`
    - **Destination**: `All`
    - **Service**: `All`
    - **Action**: `Accept`
    - **NAT**: Enable
3. **IoT VLAN to Internet**
    - **Name**: `Allow_IoT_to_Internet`
    - **Incoming Interface**: `VLAN_IoT`
    - **Outgoing Interface**: `SD-WAN`
    - **Source**: `All`
    - **Destination**: `All`
    - **Service**: `All`
    - **Action**: `Accept`
    - **NAT**: Enable

**Deny Inter-VLAN Traffic**

- **Name**: `Deny_InterVLAN`
- **Incoming Interface**: `VLAN_Home`, `VLAN_Guest`, `VLAN_IoT`
- **Outgoing Interface**: `VLAN_Home`, `VLAN_Guest`, `VLAN_IoT`
- **Source**: `All`
- **Destination**: `All`
- **Service**: `All`
- **Action**: `Deny`
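The address plan and policy table above (the same table as Step 4 of the basic guide, where the outgoing interface is `WAN` rather than `SD-WAN`) can be checked offline before testing on the device. This is an added example, not FortiOS code or part of the original guide; it assumes top-down, first-match policy evaluation with an implicit deny at the end, and the function names are illustrative.

```python
# Added example: offline model of the guide's VLAN plan and policy table.
# Assumption: policies are evaluated top-down, first match wins, and traffic
# that matches no policy falls through to an implicit deny.
import ipaddress

VLANS = {  # name: (gateway/prefix, DHCP first, DHCP last), values from the guide
    "VLAN_Home":  ("192.168.10.1/24", "192.168.10.2", "192.168.10.100"),
    "VLAN_Guest": ("192.168.20.1/24", "192.168.20.2", "192.168.20.100"),
    "VLAN_IoT":   ("192.168.30.1/24", "192.168.30.2", "192.168.30.100"),
}
WAN = "SD-WAN"
POLICIES = [  # (name, incoming interfaces, outgoing interfaces, action)
    ("Allow_Home_to_Internet",  {"VLAN_Home"},  {WAN}, "accept"),
    ("Allow_Guest_to_Internet", {"VLAN_Guest"}, {WAN}, "accept"),
    ("Allow_IoT_to_Internet",   {"VLAN_IoT"},   {WAN}, "accept"),
    ("Deny_InterVLAN", set(VLANS), set(VLANS), "deny"),
]

def check_address_plan(vlans):
    """List problems: pool outside subnet, pool covering gateway, overlapping subnets."""
    problems, nets = [], []
    for name, (gw, first, last) in vlans.items():
        iface = ipaddress.ip_interface(gw)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo not in iface.network or hi not in iface.network or lo > hi:
            problems.append(f"{name}: DHCP range not inside {iface.network}")
        if lo <= iface.ip <= hi:
            problems.append(f"{name}: DHCP range hands out the gateway address")
        problems += [f"{name}: overlaps {o}" for o, n in nets if n.overlaps(iface.network)]
        nets.append((name, iface.network))
    return problems

def evaluate(policies, src_if, dst_if):
    """First-match lookup; returns (policy name, action)."""
    for name, src, dst, action in policies:
        if src_if in src and dst_if in dst:
            return name, action
    return "implicit-deny", "deny"

def reachability(policies):
    """Expected test matrix; same-VLAN pairs are skipped (they never cross the firewall)."""
    dests = list(VLANS) + [WAN]
    return {(s, d): evaluate(policies, s, d) for s in VLANS for d in dests if s != d}

if __name__ == "__main__":
    print(check_address_plan(VLANS) or "address plan OK")
    for (s, d), (pol, act) in reachability(POLICIES).items():
        print(f"{s:10} -> {d:10} {act:6} ({pol})")
```

In this model, dropping `Deny_InterVLAN` still yields a deny through the implicit rule, while an accept rule placed above it wins the lookup, so rule order is the thing to review whenever a policy is added.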

#### **Step 7: Configure Traffic Prioritization (QoS)**

Navigate to **Policy & Objects > Traffic Shapers**.

**Create Traffic Shapers**

1. **Gaming Traffic Shaper**
    - **Name**: `Priority_Gaming`
    - **Type**: `Per Policy`
    - **Priority**: `High`
    - **Bandwidth**: Set according to your requirements
2. **Streaming Traffic Shaper**
    - **Name**: `Priority_Streaming`
    - **Type**: `Per Policy`
    - **Priority**: `Medium`
    - **Bandwidth**: Set according to your requirements

**Apply Traffic Shapers to Policies**

1. Edit the **Allow\_Home\_to\_Internet** policy.
2. Under **Traffic Shaping**, enable **Apply Shaper Per Policy**.
3. Select the appropriate traffic shaper based on the service.

#### **Step 8: Configure SD-WAN Performance SLA (Optional)**

Navigate to **Network > SD-WAN > Performance SLA**.

**Create SLA Targets**

1. Click **Create New**.
2. **Name**: `SLA_Fiber`
    - **Members**: `WAN_Fiber`
    - **Latency**, **Jitter**, **Packet Loss**: Set thresholds
    - **Protocol**: `Ping` or `HTTP`
    - **Server**: Reliable external IP (e.g., 8.8.8.8)

Repeat for `WAN_5G` and `WAN_Starlink` if desired.

**Configure SD-WAN Rules with SLA**

1. Go back to **SD-WAN Rules**.
2. Edit `Default_Rule`.
3. Under **SLA**, select the SLA targets you created.
4. Set the **SLA Mode** to `Best Quality`.

#### **Step 9: Test Configuration**

- **Connectivity**: Verify that devices on each VLAN receive the correct IP addresses and can access the internet.
- **Failover**: Disconnect the Fiber connection to test if traffic fails over to 5G or Starlink.
- **Load Balancing**: Monitor traffic to see if load balancing is functioning as configured.
- **QoS**: Test streaming and gaming applications to ensure they receive priority bandwidth.
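To know what the failover test should show, the sketch below computes latency, jitter and packet loss from probe samples and picks the first member in the guide's preference order that stays within thresholds. It is an added example and a simplified model, not FortiOS's selection algorithm; the thresholds, the probe samples and the function names are constructed for illustration.

```python
# Added example: simplified model of SLA-checked failover (not FortiOS's algorithm).
# Assumptions: thresholds and samples are constructed; a member is usable when
# latency, jitter and loss are all within thresholds; the first usable member
# in the guide's preference order carries the traffic.
from statistics import mean

PREFERENCE = ["WAN_Fiber", "WAN_5G", "WAN_Starlink"]  # order from Step 3
SLA = {"latency_ms": 100.0, "jitter_ms": 30.0, "loss_pct": 5.0}  # constructed

SAMPLE_PROBES = {  # constructed round-trip times in ms; None = lost probe
    "WAN_Fiber":    [12, 13, 12, 14],
    "WAN_5G":       [45, 60, 50, 55],
    "WAN_Starlink": [40, 45, 42, 48],
}

def measure(samples):
    """Summarise one member's probes as latency, jitter and loss."""
    if not samples:
        return {"latency_ms": None, "jitter_ms": None, "loss_pct": 100.0}
    ok = [s for s in samples if s is not None]
    loss = 100.0 * (len(samples) - len(ok)) / len(samples)
    if not ok:
        return {"latency_ms": None, "jitter_ms": None, "loss_pct": loss}
    # Jitter here = mean absolute difference between consecutive replies.
    jitter = mean(abs(a - b) for a, b in zip(ok, ok[1:])) if len(ok) > 1 else 0.0
    return {"latency_ms": mean(ok), "jitter_ms": jitter, "loss_pct": loss}

def meets_sla(metrics, sla=SLA):
    """A member with no replies at all never meets the SLA."""
    if metrics["latency_ms"] is None:
        return False
    return all(metrics[key] <= limit for key, limit in sla.items())

def select_member(probes, preference=PREFERENCE):
    """Return the first preferred member within SLA, or None if none qualifies."""
    for member in preference:
        if meets_sla(measure(probes.get(member, []))):
            return member
    return None

if __name__ == "__main__":
    print("normal:", select_member(SAMPLE_PROBES))
    unplugged = dict(SAMPLE_PROBES, WAN_Fiber=[None] * 4)
    print("fiber unplugged:", select_member(unplugged))
```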

---

### **Additional Tips**

- **Secure Access**: Change the default admin password and enable HTTPS-only access under **System > Settings**.
- **Regular Backups**: Go to **System > Maintenance > Backup & Restore** to back up your configuration.
- **Firmware Updates**: Check **System > Firmware** for updates to keep your FortiGate secure and up-to-date.

---

By following this guide, you should have a robust network setup that leverages SD-WAN to manage multiple WAN connections, provides separate VLANs for different device types, and prioritizes critical traffic like gaming and streaming. The Fiber connection is set as the primary link, ensuring the best performance under normal conditions, with 5G and Starlink as backups for redundancy.