
Basic Fortigate

The document outlines the configuration of network interfaces, firewall policies, and user authentication for a secure network setup. It includes detailed steps for setting up WAN and LAN interfaces, DHCP server, DNS settings, and firewall policies for internet access and malware protection. Additionally, it covers web filtering, application control, and monitoring of network traffic to ensure security and controlled access.

Uploaded by

enrichhn8686

Configuring Interface and Routing

Configuring Firewall Policies

Authenticated Network User Setup

Blocking Malware

Web Filtering

Controlling Application Access


Configuring Interface and Routing

1. Configuring WAN Interface
2. Configuring LAN Interface
3. Configuring DHCP Server
4. Configuring DNS
5. Configuring the default Route
6. Monitoring

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2]

Configuration LAN Interface and WAN Interface with CLI
WAN Interface Configuration
config system interface
    edit port1
        set ip 192.168.20.7 255.255.255.0
        set mode static
        set alias "WAN"
        set role wan
    next
end

LAN Interface Configuration

config system interface
    edit port2
        set ip 192.168.11.1 255.255.255.0
        set allowaccess ping https ssh http telnet
        set mode static
        set alias "LAN"
        set role lan
    next
end
WAN Interface Configuration (GUI)
① Network ➔ Interfaces
② Select Port1
③ Alias = WAN
④ Role = WAN
⑤ Address mode = Manual ➔ IP Address = 192.168.20.7/255.255.255.0
⑥ OK
WAN Interface Status
① Network ➔ Interfaces
② Check > WAN (Port1)
LAN Interface Configuration (GUI)
① Network ➔ Interfaces
② Select Port2
③ Alias = LAN
④ Role = LAN
⑤ Address mode = Manual ➔ IP Address = 192.168.11.1/255.255.255.0
⑥ Administrative Access = Checked > HTTPS , HTTP , PING , SSH , TELNET
⑦ OK




DHCP Server on LAN Configuration

① Network ➔ Interfaces ➔ Select and Edit Port (LAN Port)


② DHCP Server = [ Enabled ]
③ Address Range = 192.168.11.2-192.168.11.100
④ Netmask = 255.255.255.0
⑤ Default Gateway = [ Same as Interface IP ]
⑥ OK




DNS Setting Configuration

① Network ➔ DNS
② DNS Server = [ Specify ]
③ Primary DNS Server = 8.8.8.8 , Secondary DNS Server = 8.8.4.4
④ DNS (UDP/53) = Enable
⑤ Apply




Default Route Configuration
① Network ➔ Static Routes
② Destination = [ Subnet ]
③ Subnet = 0.0.0.0/0.0.0.0
④ Gateway Address = 192.168.20.1
⑤ Interface = WAN (port1)
⑥ OK
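
The DHCP, DNS and default-route steps above as FortiOS CLI, with a tighter LAN management setting (an added example, not part of the original slides). The entry IDs (`edit 1`) are assumptions, and lines starting with `#` are annotations to drop before pasting.

```fortios
# LAN management access: HTTP and TELNET carry administrator credentials in
# cleartext, so this variant keeps only PING, HTTPS and SSH. This differs from
# the allowaccess list used on the page.
config system interface
    edit "port2"
        set allowaccess ping https ssh
    next
end

# DHCP server on the LAN port (GUI: Network > Interfaces > LAN port > DHCP Server)
config system dhcp server
    edit 1
        set interface "port2"
        set netmask 255.255.255.0
        # "Same as Interface IP" resolves to the port2 address
        set default-gateway 192.168.11.1
        config ip-range
            edit 1
                set start-ip 192.168.11.2
                set end-ip 192.168.11.100
            next
        end
    next
end

# System DNS servers (GUI: Network > DNS)
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
end

# Default route through the WAN next hop (GUI: Network > Static Routes)
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.168.20.1
        set device "port1"
    next
end

# Checks after applying: the static route is installed and the WAN path works
get router info routing-table static
execute ping 8.8.8.8
```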






Configuring Firewall Policies
Min Zaw Oo

1. Create LAN Network Object
2. Configure Firewall policies for Internet Access
3. Monitoring Traffic Log

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2, hosts .2 .3 .4 .5 .6]

Creating LAN Network Object
① Policy & Objects
② Address
③ Name = [ LAN-Network ]
④ IP/Netmask = 192.168.11.0 255.255.255.0
⑤ Interface ➔ Choose LAN (Port2)
⑥ OK



Creating Firewall Policy for Internet Access
① Policy & Objects ➔ Firewall Policy
② Name = [ Internet-Access ]
③ Incoming Port = LAN (Port2)
④ Outgoing Port = WAN (Port1)
⑤ Source = LAN-Network (LAN Network Object)
⑥ Destination = All
⑦ Schedule = always
⑧ Service = DNS , HTTP , HTTPS
⑨ Action = Accept
⑩ Inspection Mode = Flow-based
⑪ NAT = [Enable]
⑫ IP Pool = Use Outgoing Interface
⑬ OK

Enable Log Options for All Sessions


Viewing Traffic Log
① Log & Report
② Forward Traffic

Check Traffic Log



Authenticated Network User Setup

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2; labels: Bob Smith Rose James; Sales Project]

Create a Local User Account
① User & Authentication ➔ User Definition ➔ Create New
② User Type = Local User ➔ Next
③ Login Credentials = set (Username , Password) ➔ Next
④ Extra Info ➔ User Account Status = [ Enable ] ➔ Submit



User Account Status
① User & Authentication ➔ User Definition
② Check User List


Create a User Group
① User & Authentication ➔ User Groups ➔ Create New
② Name = Sales [ Group Name ]
③ Type = Firewall
④ Members = user
⑤ OK




User Group Status

① User & Authentication ➔ User Groups


② Check Group List


Add Authentication to the firewall policy
① Policy & Objects ➔ Firewall Policy ➔ Edit ( Internet Access Rule)
② Source = Sales (Add Group)
③ OK


Testing Internet Access with an allowed User Account
① Access the Internet (www.google.com)
② Login (Username and Password of User in Sales Group)
③ Continue


Blocking Malware

Task 1 : Create an Antivirus Profile
Task 2 : Apply antivirus to Firewall policy
Task 3 : Verify antivirus

[Reference diagram: Internet (Malware), WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2, hosts .2 .3 .4 .5 .6]

Create an Antivirus Profile

① Security Profiles
② Antivirus
③ Default
④ Edit

Create an Antivirus Profile - Continue

⑤ Use FortiGuard outbreak prevention database = [ Enable ]


⑥ OK


Apply antivirus to Firewall policy

① Policy & Objects


② Firewall Policy
③ Select → Internet Access Rule
④ Edit



Apply antivirus to Firewall policy - Continue

⑤ Antivirus = [ Enable ] and Select Profile


⑥ OK


Verify antivirus

① Browse → www.eicar.org/dow...
② Click → eicar.com
③ Check Security Alert Message


Verify antivirus - Continue

① Log & Report


② Security Events
③ Inspect the logs


Web Filtering

1. Validate FortiGuard Security Subscription license
2. Create a Web Filter profile
3. Add the Web Filter profile to the firewall policy
4. Verify the configuration.
5. Monitor the logs regarding application access

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2 (marked xx); labels: Bob Smith Rose James; Sales Project]

Control Web Access Using Web Filter
Task 1:

Task 2:
Task 3:

Task 4:

Task 5:
Validate FortiGuard Security Subscription license

① Dashboard
② Status
③ Web Filter
④ Check Web Filter License



Create or Edit a Web Filter profile
① Security Profiles
② Web Filter
③ Edit [ Web filter Profile (default) ]
④ Social Networking (Right-Click)
⑤ Choose Block
⑥ OK



Add the Web Filter profile to the firewall policy
① Policy & Objects ➔ Firewall Policy
② Web Filter [ Enable ]
③ Choose Web Filter Profile [Default]
④ OK



Verify Web Filter
① Open Browser ➔ www.twitter.com


Configure the Authenticate Action for FortiGuard Category Filter

• Apply the Authenticated action for the File Sharing and Storage sub-category
• Test the Authenticate action and examine logs

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2; "Preventing File Sharing and Storage Access" (Allow / Deny); labels: Bob Smith Rose James; Sales Project]

Apply the Authenticated action for the File Sharing and Storage sub-category
① Security Profiles ➔ Web Filter ➔ Edit [ Web filter Profile (default) ]
② Select File Sharing and Storage
③ Click Authenticate
④ Add User and Group
⑤ OK
⑥ OK


Test the Authenticate action and examine logs
① Open file sharing and storage website (www.onedrive.com)
② Username = User in Sale-Group
③ Password = [ Password ]
④ Continue




Monitoring Web Filter
Controlling Application Access

Task 1 : Configure Application Control
Task 2 : Monitor Application Control

[Reference diagram: Internet, WAN 192.168.20.0/24 on Port-1, LAN 192.168.11.0/24 on Port-2 (marked xx); "Filtering Video/Audio Access from Internet"; labels: Bob Smith Rose James; Sales Project]

Create Application Control Profile

① Security Profiles
② Application Control
③ Create New


Create Application Control Profile - Continue
④ Write [ Application Control Name ]
⑤ Block Video /Audio
⑥ OK


Add Application Control Profile in Firewall Policy
① Policy & Objects ➔ Firewall Policy ➔ [Edit] Internet Access Policy
② Application Control [ Enable ] and Choose Video_block
③ OK


Verify Application Control

① Browse → www.youtube.com


Monitoring Application Control
① Log & Report
② Application Control (or) Security Event ➔ Application Control
③ Confirm the Application Control Sensor was used, meaning Block_Video for YouTube
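
The Internet-Access policy as it stands after all the sections above, written as FortiOS CLI (an added example, not part of the original slides). The policy ID `1`, the user name `sales-user1` and the password placeholder are assumptions; object, group and profile names are the ones the slides use, and lines starting with `#` are annotations to drop before pasting.

```fortios
# Address object for the LAN subnet
config firewall address
    edit "LAN-Network"
        set subnet 192.168.11.0 255.255.255.0
        set associated-interface "port2"
    next
end

# Local user and firewall group (user name and password are placeholders)
config user local
    edit "sales-user1"
        set type password
        set passwd <PASSWORD-PLACEHOLDER>
    next
end
config user group
    edit "Sales"
        set group-type firewall
        set member "sales-user1"
    next
end

# Traffic must match both the source address and an authenticated member
# of the Sales group before the policy accepts it.
config firewall policy
    edit 1
        set name "Internet-Access"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "LAN-Network"
        set groups "Sales"
        set dstaddr "all"
        set schedule "always"
        set service "DNS" "HTTP" "HTTPS"
        set inspection-mode flow
        set nat enable
        set logtraffic all
        # Security profiles attached in the malware, web filter and
        # application control sections. No ssl-ssh-profile is set on the page;
        # antivirus scans HTTPS downloads only under a deep-inspection profile.
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "default"
        set application-list "Video_block"
    next
end
```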

