Fortinet Firewall Fortigate-30D Basic Configuration and NAT Set up Steps-优快云博客

本文介绍了一款新的Fortigate-30D防火墙设备，并提供了详细的配置步骤，包括网络设置、安全策略配置及性能测试等内容。

There is a new Fortigate-30D firewall shipped to me and I am working on to have it tested in our network environment to see how the performance looks like. Device is quite small as a seven inch tablet. After unpacked the box, we will see one Ethernet cable, one usb cable, one power adapter and manual included in the box.

FortiGate-30D-Hardware.png?resize=320%2C175

In the back of the Fortigate-30D, there are 4xGE RJ45 Switch Ports, One GE RJ45 WAN Port, One USB port and one Small USB Management Port. Beside Small USB Management Port (4), it is small Reset hole and DC power adapter port.

Topology:

fortinet%2BDrawing1.png?resize=400%2C113&ssl=1

1. Power on your Fortigate-30D device, and connecting your laptop to one of four GE RJ45 Switch Ports and set your laptop as DHCP client.

You will get one of 192.168.1.x/24 ip address, mostly it is 192.168.1.100. From your browser, browser to webpage https://192.168.1.99.

2014-10-28%2B15_32_52-SSL%2BError.png?resize=200%2C116&ssl=1

After clicked ‘Proceed anyway’ button, login window prompt it up. User name is admin and there is no password.

2014-10-28%2B15_35_49-http___192.168.1.99_%2Bis%2Bnot%2Bavailable.png?resize=200%2C143&ssl=1

Directly click Login button then you will get into Web GUI management interface.

2014-10-28%2B15_36_25-FortiGate%2B-%2BFGT30D3X14001934.png?resize=640%2C411&ssl=1

2. Configure LAN and WAN Interfaces

2014-10-28%2B15_39_02-FortiGate%2B-%2BFGT30D3X14001934.png?resize=400%2C287&ssl=1

2014-10-28%2B16_21_01-FortiGate%2B-%2BFGT30D3X14001934.png?resize=640%2C256&ssl=1

3. Changing the admin password.

2014-10-28%2B15_43_29-FortiGate%2B-%2BFGT30D3X14001934.png?resize=320%2C176&ssl=1

4. Add a default route.

2014-10-28%2B16_21_23-FortiGate%2B-%2BFGT30D3X14001934.png?resize=640%2C232&ssl=1

5. Add a new Virtual IP Mapping for Destination NAT-ting or Port Forwarding configuration

2014-10-28%2B16_21_57-FortiGate%2B-%2BFGT30D3X14001934.png?resize=640%2C268&ssl=1

note: For Source Nat-ting, the configuration is on the policy. When you create a firewall rule, check Enable NAT at Use Destination Interface Address.

2014-10-30%2B20_43_33-FortiGate%2B-%2BFGT30D3X14001771.jpg?resize=640%2C524&ssl=1

2014-10-30%2B21_11_23-FortiGate%2B-%2BFGT30D3X14001738.jpg?resize=640%2C108&ssl=1

Rule #2 will do one source nat-ting and one destination nat-ting when there is traffic from WAN to access ip 10.9.136.40:

NAT any WAN Source IP Address to LAN Interface IP Address (10.9.134.8)
NAT destination ip address from 10.9.136.40 to 10.9.134.40

6. Add a new policy rule from WAN to LAN vip address.

2014-10-28%2B16_22_37-FortiGate%2B-%2BFGT30D3X14001934.png?resize=640%2C152&ssl=1

7. Test

Using Iperf to do Performance Test from 10.9.136.18 to NAT-ed WAN IP 10.9.136.100 (LAN IP address is 10.9.134.100).
From WAN to LAN, I am able to push traffic to 890Mb/s. Between LAN, it hits 926Mb/s.

2014-10-28%2B16_23_04-C__WINDOWS_system32_cmd.exe%2B-%2Biperf%2B-s.png?resize=320%2C246&ssl=1

8. Demo Site of Fortimanager and Fortigate Product (140D-POE)

10. Basic CLI Commands

FGT30D3X1400171 $ execute ping 10.9.136.18

PING 10.9.136.18 (10.9.136.18): 56 data bytes
64 bytes from 10.9.136.18: icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from 10.9.136.18: icmp_seq=1 ttl=64 time=0.6 ms

— 10.9.136.18 ping statistics —
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.7 ms