Select Firewall Configuration Information

System Information

HA Status: Standalone
Inspection Mode: Proxy-based
Virtual Domain: Disabled

License Information

Registration: user@domain.com

DNS

Primary DNS Server: nnn.nn.n.n
Secondary DNS Server: nnn.nn.n.n
Local Domain Name: ad.domain.com

Interfaces

| Status | Physical Port | Name | IP/Netmask | Type | Access |
| --- | --- | --- | --- | --- | --- |
| Enabled | mgmt1 | mgmt1 | 192.168.1.99/24 | Physical Interface | Ping, HTTPS, HTTP, FMG-Access |
| Disabled | mgmt2 | mgmt2 | 192.168.2.99/24 | Physical Interface | Ping, FMG-Access |
| Disabled | port1 | port1 | 192.168.100.99/24 | Physical Interface | Ping, FMG-Access |
| Disabled | port2 | port2 | | Physical Interface | |
| Disabled | port3 | port3 | | Physical Interface | |
| Enabled | port4 | port4 | | Physical Interface | |
| Enabled | port4 | VLAN2 | nnn.nn.n.n/24 | VLAN | Ping |
| Enabled | port4 | VLAN3 | nnn.nn.n.n/24 | VLAN | Ping, HTTPS, SSH |
| Enabled | port4 | VLAN4 | nnn.nn.n.n/24 | VLAN | Ping, HTTPS, SSH |
| Enabled | port4 | Guest | nnn.nn.n.n/24 | VLAN | |
| Disabled | port5 | port5 | | Physical Interface | |
| Disabled | port6 | port6 | | Physical Interface | |
| Disabled | port7 | port7 | | Physical Interface | |
| Disabled | port8 | port8 | | Physical Interface | |
| Disabled | port9 | port9 | | Physical Interface | |
| Disabled | port10 | port10 | | Physical Interface | |
| Disabled | port11 | port11 | | Physical Interface | |
| Disabled | port12 | port12 | | Physical Interface | |
| Disabled | port13 | port13 | | Physical Interface | |
| Disabled | port14 | port14 | 10.0.0.2/24 | Physical Interface | Ping |
| Disabled | port15 | port15 | | Physical Interface | |
| Disabled | port16 | port16 | | Physical Interface | |
| Disabled | port17 | port17 | | Physical Interface | |
| Disabled | port18 | port18 | | Physical Interface | |
| Disabled | port19 | port19 | | Physical Interface | |
| Disabled | port20 | port20 | | Physical Interface | |
| Disabled | port21 | port21 | | Physical Interface | |
| Disabled | port22 | port22 | | Physical Interface | |
| Disabled | port23 | port23 | | Physical Interface | |
| Disabled | port24 | port24(DMZ) | 10.10.10.1/24 | Physical Interface | Ping |
| Disabled | wan1 | wan1(WAN) | nn.nnn.nnn.nnn/24 | Physical Interface | Ping |
| Disabled | wan2 | wan2 | | Physical Interface | |

DHCP

Static Routes

Destination Gateway Interface Comment
0.0.0.0/0 nn.nnn.nnn.n wan1
172.17.5.15/32 172.17.5.1 Servers
10.212.134.0/24 ssl.root VPN Route
172.17.5.30/32 172.17.5.1 Servers

Administrators

| Name | Trusted Hosts | Profile | Type | Two-factor Authentication |
| --- | --- | --- | --- | --- |
| BackupAdmin | 192.168.1.100 | prof_admin | Local | No |
| EMSConnection | 192.168.1.78 | super_admin | Local | No |
| ericadmin | | super_admin | Local | No |

Admin Profiles

  • prof_admin
    • Read Only permissions for all Access Controls
  • super_admin
    • Read-Write permissions for all Access Controls

Settings

HTTPS port: 2443

Replacement Messages

HTML for non-default replacement messages.

Application Control Block Page, FortiGuard Block Page, and URL Block Page


<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html">
    <meta name="id" content="siteBlocked">
    <title>
      Web Site Blocked
    </title>
    <style type="text/css">
      #shd {
        width:500px;
        position:relative;
        right:3px;
        top:3px;
        margin-right:3px;
        margin-bottom:3px;
        text-align:center;
      }
      #shd .second,
      #shd .third,
      #shd .box {
        position:relative;
        left:-1px;
        top:-1px;
      }
      #shd .first {
        background: #f1f0f1;
      }
      #shd .second {
        background: #dbdadb;
      }
      #shd .third {
        background: #b8b6b8;
      }
      #shd .box {
        background:#ffffff;
        border:1px solid #848284;
        height:500px;
      }
      .strip {
        width:100%;
        height:125px;
      }
      .warn {
        background-color:#f0d44d;
        filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fae379', endColorstr='#eed145');
        background:-webkit-gradient(linear, left top, left bottom, from(#fae379), to(#eed145));
        background:-moz-linear-gradient(top,  #fae379,  #eed145);
        font-size:14px;
        font-weight:bold;
        text-align:left;
        height:200px;
      }
      #nsa_banner {
        position:relative;
        top:20px;
        left:20px;
        float:left;
      }
      #alert_icon {
        position:relative;
        top:15px;
        left:20px;
        float:left;
      }
      #alert_text {
        float:left;
        position:relative;
        top:25px;
        left:40px;
        width:400px;
      }
    </style>
    <script type="text/JavaScript">
      var isIE7=false;
      function onLoadFunc()
      {
        var s = document.URL;
        // Escape angle brackets so the URL is rendered as text when written to innerHTML.
        s = s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
        if (s.length < 50) {
          s='URL: <b>'+s+'</b>';
        }
        else {
          s='URL: <b>'+s.substring(0,50)+'</b>...';
        }
        var o=document.getElementById("urlp");
        if (o) {
          o.innerHTML=s;
        }
        if (isIE7==true) {
          var base="http://$$fw_interface$$/";
          if (base.indexOf("fw_interface")>=0) {
            base="";
          }
          o=document.getElementById("nsa_banner");
          if (o) {
            o.src=base+"nsa_banner.gif";
          }
          o=document.getElementById("alert_icon");
          if (o) {
            o.src=base+"alert_icon.gif";
          }
        }
      }
    </script>
  </head>
  <body onload="onLoadFunc();">
    <div style="width:100%;height:100px;">
    </div>
    <center>
      <div id="shd">
        <div class="first">
          <div class="second">
            <div class="third">
              <div class="box">
                <div class="strip">
                  <img src="" id="nsa_banner" alt="logo">
                </div>
                <div class="warn strip">
                  <div id="alert_text">
                    <p>
                      This site has been blocked by the network administrator.
                    </p>
                    <p id="urlp">
                    </p>
                    <p>
                      Finally, brothers and sisters, whatever is true, 
                      whatever is noble, whatever is right, whatever is pure, 
                      whatever is lovely, whatever is admirable-if anything 
                      is excellent or praiseworthy-think about such things.
                      - Philippians4:8
                    </p>
                  </div>
                  <br/>
 
                </div>
                <div>
 
                  <p>
                    The page you have requested has been blocked.
                    <br/>
                  </p>
                  <p>
                    Block reason: 
                    <b>
                      %%CATEGORY%%
                    </b>
                  </p>
                  <p>
 
                    If you believe the below web site is rated or 
                    blocked incorrectly please make sure to read the 
                    acceptable use policy 
                    <a href="" 
                    target='new'>
                      here
                    </a>
                    and then talk to the IT Director at the helpdesk. Thank you. 
                    %%OVERRIDE%%
                  </p>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </center>
  </body>
</html>

Virus Block Page


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <style type="text/css">
      html,body{
        height:100%;
        padding:0;
        margin:0;
      }
      .oc{
        display:table;
        width:100%;
        height:100%;
      }
      .ic{
        display:table-cell;
        vertical-align:middle;
        height:100%;
      }
      div.msg{
        display:block;
        border:1px solid #30c;
        padding:0;
        width:500px;
        font-family:helvetica,sans-serif;
        margin:10px auto;
      }
      h1{
        font-weight:bold;
        color:#fff;
        font-size:14px;
        margin:0;
        padding:2px;
        text-align:center;
        background: #30c;
      }
      p{
        font-size:12px;
        margin:15px auto;
        width:75%;
        font-family:helvetica,sans-serif;
        text-align:left;
      }
    </style>
    <title>
      High Security Alert!!
    </title>
  </head>
  <body>
    <div class="oc">
      <div class="ic">
        <div class="msg">
          <h1>
            High Security Alert!!
          </h1>
          <p>
            <p>
              You are not permitted to download the file "%%FILE%%" because it is infected with the virus "%%VIRUS%%".
            </p>
            <p>
              URL = %%PROTOCOL%%://%%URL%%
              <br />
              File quarantined as: %%QUARFILENAME%%.
              <br />
              <br />
              
              <br/>
              Client IP: %%SOURCE_IP%%
              <br/>
              Server IP: %%DEST_IP%%
              <br/>
              User name: %%USERNAME%%
              <br/>
              Group name: %%GROUPNAME%%
            </p>
          </p>
        </div>
      </div>
    </div>
  </body>
</html>


Advanced

Email Service

  • Use Custom Email Server: Enabled
  • SMTP Server: smtp.gmail.com
  • Port: 465
  • Default Reply To: help@domain.com
  • Authentication: Enabled
  • Username: fortigatelog@domain.com
  • Security Mode: SMTPS

Feature Select

The following features are enabled:

  • Advanced Routing
  • VPN
  • Certificates
  • DoS Policy
  • Implicit Firewall Policies
  • Local In Policy
  • Local Reports
  • Multiple Interface Policies
  • Multiple Security Profiles
  • Policy Learning
  • SSL-VPN Personal Bookmark
  • SSL-VPN Realms
  • Threat Weight Tracking
  • Traffic Shaping
  • AntiVirus
  • Application Control
  • DNS Filter
  • Endpoint Control
  • Intrusion Protection
  • Web Application Firewall
  • Web Filter

User Groups

| Group Name | Group Type | Members (AD Groups) |
| --- | --- | --- |
| Example VPN Group | Firewall | Example VPN |
| IT Internet | Fortinet Single Sign-On (FSSO) | Dept-IT |

Single Sign-On

| Name | Type | LDAP Server | Users/Groups | FSSO Agent IP/Name |
| --- | --- | --- | --- | --- |
| DC | | | AD\dept-it, AD\Staff | 172.17.0.5, 172.17.0.6 |

LDAP Servers

| Name | Server IP/Name | Port | Common Name Identifier | Distinguished Name | User DN |
| --- | --- | --- | --- | --- | --- |
| dc1 | 172.17.5.5 | 389 | sAMAccountName | DC=xx,dc=xxxxxxxxxxxxxxxxxx,dc=com | Fortinet LDAP |
| dc2 | 172.17.5.6 | 389 | sAMAccountName | dc=xx,dc=xxxxxxxxxxxxxxxxxx,dc=com | Fortinet LDAP |

fortinet/fortigate_configuration_info.txt · Last modified: 2019/03/15 17:49 by ericclaus