FortiWAN Appendices

Appendix A: Default Values

In the console, enter the command ‘resetconfig’, or in the Web UI select “Factory Default”, to perform a hard reset and restore all settings to factory default.

When the unit is restored to factory default, the accounts and passwords for CLI, Web UI and SSH login are also reset to:

FortiWAN Log-ins

Web-based Manager Default

  • < V4.0.x: Adminstrator/1234, Monitor/5678 (read-only)
  • V4.1.0: Adminstrator/1234, Monitor/5678 (read-only), admin/null (Fortinet default)

CLI Default

  • < V4.0.x: Adminstrator/fortiwan
  • V4.1.0: Adminstrator/1234, admin/null (Fortinet default)

The Web UI login port will be restored to the default port 443.

FortiWAN also supports SSH logins. The interface for SSH login is the same as the console with identical username and password.

WAN Link Health Detection Default Values

  • System default values contain 13 fixed server IPs for health detection.
  • Values for all Port Speed and Duplex Settings will also be reset.
  • All ports are restored back to AUTO state.

Network Default Values (FortiWAN 200B)

Port 1: WAN

  • WAN Link: 1
  • IP: 192.168.1.1
  • Netmask: 255.255.255.0
  • IP in DMZ: 192.168.1.2~192.168.1.253
  • Default Gateway: 192.168.1.254
  • DMZ at Port 5

Port 2: WAN

  • WAN Link: 2
  • IP: 192.168.2.1
  • Netmask: 255.255.255.0
  • IP in DMZ: 192.168.2.2~192.168.2.253
  • Default Gateway: 192.168.2.254
  • DMZ at Port 5

Port 3: WAN

  • WAN Link: 3
  • IP: 192.168.3.1
  • Netmask: 255.255.255.0
  • IP in DMZ: 192.168.3.2~192.168.3.253
  • Default Gateway: 192.168.3.254
  • DMZ at Port 5

Port 4: LAN

  • IP: 192.168.0.1
  • Netmask: 255.255.255.0
  • DHCP Server: Disabled

Port 5: DMZ

Fields such as Domain Name Server, VLAN and Port Mapping, and WAN/DMZ Subnet Settings are all cleared.

Service Category Default Values

  • Firewall: default security rules apply
  • Persistent Routing: Enabled
  • Auto Routing: By Downstream Traffic as default
  • Virtual Server: Disabled
  • Bandwidth Management: Disabled
  • Cache Redirection: Disabled
  • Multihoming: Disabled
  • All fields in the Log/Control Category are cleared

Appendix B: Suggested Maximum Configuration Values

FortiWAN’s Web UI does not enforce maximum limits on the number of rules and policies for most services, but as the number of configured rules and policies grows, the performance of both FortiWAN and its Web UI decreases, especially for FortiWAN’s critical services, such as Bandwidth Management, Multihoming and Tunnel Routing. Not only does the FortiWAN appliance use more and more hardware resources to run and handle traffic with a large number of configurations, but your local computer also spends more time running the Web UI pages. The following table shows the suggested maximum configuration values for FortiWAN’s services. Remember that the FortiWAN Web UI allows you to create more configurations than these values, but the performance may not be guaranteed.

  FWN-200B FWN-1000B FWN-3000B
WAN link health detection      
Ping lists 1024 1024 1024
Optimum route detection      
Static IP-ISP tables 1024 1024 1024
Total rules of static IP-ISP tables 1024 1024 1024
Backup line setting      
Backup line rules 1024 1024 1024
IP grouping      
IP groups 300 300 300
IPv4 rules of an IP group 1024 1024 1024
IPv6 rules of an IP group 1024 1024 1024
Service grouping      
Service group 300 300 300
IPv4 rules of a service group 1024 1024 1024
IPv6 rules of a service group 1024 1024 1024
Busyhour setting      
Busyhour rules 1024 1024 1024
Date/Time      

Time servers 4 4 4
Administration      
Administrator accounts 1000 1000 1000
Monitor accounts 1000 1000 1000
Firewall      
IPv4 rules 1024 1024 1024
IPv6 rules 1024 1024 1024
NAT      
1-to-1 NAT rules 1024 1024 1024
NAT rules 1024 1024 1024
IPv6 NAT rules 1024 1024 1024
Persistent routing      
IPv4 web service rules 1024 1024 1024
IPv4 IP pair rules 1024 1024 1024
IPv6 web service rules 1024 1024 1024
IPv6 IP pair rules 1024 1024 1024
Auto routing      
Policies 1024 1024 1024
IPv4 filters 1024 1024 1024
IPv6 filters 1024 1024 1024
Virtual Server      
IPv4 virtual servers 1024 1024 1024
Server IPs of an IPv4 virtual server 50 50 50
Total server IPs of enabled IPv4 virtual servers 512 512 512

 

IPv6 virtual servers 1024 1024 1024
Bandwidth management      
Inbound classes 99 99 99
Inbound IPv4 filters 299 299 299
Inbound IPv6 filters 1024 1024 1024
Outbound classes 99 99 99
Outbound IPv4 filters 299 299 299
Outbound IPv6 filters 1024 1024 1024
Connection limit      
Count limit rules 1024 1024 1024
Rate limit rules 512 512 512
Cache redirect      
Cache groups 1024 1024 1024
Group servers of a cache group 1024 1024 1024
Redirect rules 1024 1024 1024
Multihoming      
Global setting      
IPv4 PTR records 1024 1024 1024
PTR entries of an IPv4 PTR record 1024 1024 1024
IPv6 PTR records 1024 1024 1024
PTR entries of an IPv6 PTR record 1024 1024 1024
A record policy      
A record policies 1024 1024 1024
Total WAN links of A record policies 1024 1024 1024

AAAA record policy      
AAAA record policies 1024 1024 1024
Total WAN links of AAAA record policies 1024 1024 1024
Domain setting      
Domains 1024 1024 1024
DNSSEC private keys of a domain 100 100 100
NS records of a domain 1024 1024 1024
A records of a domain 1024 1024 1024
AAAA records of a domain 1024 1024 1024
CName records of a domain 1024 1024 1024
DName records of a domain 1024 1024 1024
SRV records of a domain 1024 1024 1024
MX records of a domain 1024 1024 1024
TXT records of a domain 1024 1024 1024
External subdomains of a domain 1024 1024 1024
NS records of an external subdomain of a domain 1024 1024 1024
Multihoming – Backup      
Remote master servers 100 100 100
Internal DNS      
Global setting      
IPv4 PTR records 1024 1024 1024
IPv6 PTR records 1024 1024 1024
Domain setting      
Domains 1024 1024 1024

 

NS records of a domain 1024 1024 1024
A records of a domain 1024 1024 1024
AAAA records of a domain 1024 1024 1024
CName records of a domain 1024 1024 1024
SRV records of a domain 1024 1024 1024
MX records of a domain 1024 1024 1024
External subdomains of a domain 1024 1024 1024
NS records of an external subdomain of a domain 1024 1024 1024
DNS proxy      
Intranet source rules 1024 1024 1024
Proxy domain rules 1024 1024 1024
IP-MAC mapping      
Mapping rules 1024 1024 1024
Tunnel Routing      
Tunnel groups 100 400 1000
Tunnels of a tunnel group 16 16 16
Total enabled tunnels 2500 2500 2500
Default rules of a tunnel group 1024 1024 1024
Routing rules 1024 1024 1024
Persistent rules 1024 1024 1024
Reports      
IP annotations 1024 1024 1024
Scheduled emails 20 20 20
