If you are building a secure network, knowing how to route internet traffic through a firewall is an essential skill. In this guide, we are going to walk through how to provide internet access to your Local Area Network (LAN) users using a FortiGate Firewall.

This tutorial is based on a practical demonstration by the YouTube channel Networktips (watch the full video here), which uses a virtualized environment with a Windows 10 guest VM to test the configuration.

Let’s dive into the setup!

Step 1: Prepare Your Virtual Machines and Adapters

Before you power anything on, you need to ensure your network adapters are correctly configured to allow the machines to talk to each other.

  • Make sure you have your FortiGate VM and a Windows 10 guest VM ready in your virtualization software (like VMware Workstation or Pro).
  • Change the network adapter settings for both VMs so that the Windows 10 machine is virtually connected to the firewall’s LAN interface.

Step 2: Configure the DHCP Server on the Firewall

Once your adapters are set, boot up both virtual machines.

  • As soon as the FortiGate firewall finishes booting, log into its web-based management interface.
  • Navigate to your Interfaces (usually under the Network tab) and edit the port designated for your LAN (e.g., Port 2).
  • Enable and configure a DHCP Server on this interface so it can automatically assign IP addresses to the machines on your internal network.

Step 3: Create the Internet Access Policy

The FortiGate denies any traffic that does not match a policy (the implicit deny rule), so you need to explicitly allow your LAN users to reach the outside world.

  • Go to your IPv4 Policy section.
  • Create a new policy that forwards traffic from your incoming LAN interface (e.g., Port 2) to your outgoing WAN/Internet interface.
  • Ensure that NAT (Network Address Translation) is enabled on this policy so your internal IP addresses are translated to your public-facing IP.

Step 4: Configure the Default Static Route

Even with a policy in place, the firewall needs a route for internet-bound traffic, meaning any destination that no more specific route in its table covers.

  • Navigate to Static Routes.
  • Create a new default route (Destination IP/Mask: 0.0.0.0/0.0.0.0).
  • Point the gateway to your ISP’s router IP address and assign it to your WAN interface. This directs all outbound internet traffic to the correct exit point.
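
For reference, here are Steps 2 to 4 written as the equivalent FortiOS CLI configuration. This is an added example, not taken from the video. It assumes port1 is the WAN interface, port2 (the LAN port) has the address 192.168.10.1/24, and 192.0.2.1 stands in for the ISP router. All addresses and the policy name are placeholders to replace with your own.

```fortios
# Step 2: DHCP server on the LAN interface (address range is an assumed example)
config system dhcp server
    edit 1
        set interface "port2"
        set default-gateway 192.168.10.1
        set netmask 255.255.255.0
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.10.100
                set end-ip 192.168.10.200
            next
        end
    next
end

# Step 3: LAN-to-WAN policy with NAT enabled (port1 as WAN is an assumption)
config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Step 4: default route via the ISP router (192.0.2.1 is a placeholder)
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.0.2.1
        set device "port1"
    next
end
```

With `set logtraffic all`, every session the policy accepts is logged, so forward traffic from the Windows 10 VM shows up in the traffic log during the test in Step 5.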

Step 5: Connect and Test the Windows 10 VM

Now it’s time to test if your LAN users can actually get online.

  • Switch over to your Windows 10 VM.
  • Make sure its network adapter is set to connect to the firewall’s LAN port.
  • If the DHCP server is working correctly, the Windows machine will grab an IP address from the firewall and, thanks to your new policy and static route, should now have full internet access!

What’s Next?

Providing internet access is just the first step in network administration. Once your users are online, the next logical step is securing and restricting that access. Stay tuned for future guides where we cover how to block specific websites using FortiGate’s web filtering features!

For a complete visual walkthrough of these configurations, be sure to check out the original video on YouTube.
