Border Gateway Protocol (BGP)

To create a firewall services group – web-based manager

1. Go to Policy & Objects > Objects > Services, select the dropdown arrow next to Create New and select

Service Group.

2. For Group Name, enter “Basic_Services”.

3. From the Members dropdown, choose the following six services — BGP, FTP, FTP_GET, FTP_PUT, DNS, HTTP, and HTTPS.

4. Select OK.

 

To create a firewall services group – CLI

config firewall service group edit “Basic_Services”

set member “BGP” “DNS” “FTP” “FTP_GET” “FTP_PUT” “HTTP” “HTTPS” next

end

 

To create a zone for the ISP interfaces – web-based manager

1. Go to System > Network > Interfaces.

2. Select the caret to the right of Create New and then select Zone.

3. Enter the following information.

Zone Name                                 ISPs

Block Intra-zone traffic             enable

interface members                    port2 port3

4. Select OK.

 

To create a zone for the ISP interfaces – CLI

config system zone edit “ISPs”

set interface “port2” “port3” set intrazone block

next end

 

To add the firewall addresses – web-based manager

1. Go to Policy & Objects > Objects > Addresses.

2. Select Create New, and set the following information.

Category                                     Address

Name                                           Internal_network

Type                                            Subnet / IP Range

Subnet / IP Range                     10.11.101.0 255.255.255.0

Interface                                     port1

3. Select OK.

 

To add the firewall addresses – CLI

config firewall address edit “Internal_network”

set associated-interface “port1”

set subnet 10.11.101.0 255.255.255.0 next

end

 

To add the HTTP and DNS security policies – web-based manager

1. Go to Policy & Objects > Policy > IPv4, and select Create New.

2. Set the following information.

Incoming Interface                   port1(internal)

Source Address                        Internal_network

Outgoing Interface                   ISPs

Destination Address                 All

Schedule                                    Always

Service                                       Basic_services

Action                                         ACCEPT

Log Allowed Traffic                  Enable

Firewall / Network Options     Enable NAT

Comments                                  ISP1 basic services out policy

3. Select OK.

4. Select Create New, and set the following information.

Incoming Interface                   ISPs

Source Address                        All

Outgoing Interface                   port1(internal)

Destination Address                 Internal_network

Schedule                                    Always

Service                                       Basic_services

Action                                         ACCEPT

Log Allowed Traffic                  Enable

Firewall / Network Options     Enable NAT

Comments                                  ISP1 basic services in policy


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU