FortiGate Firewall Basic Setup Guide for Small Business
The Fortinet FortiGate is the most widely deployed next-generation firewall (NGFW) in Malaysian SME environments. It provides stateful packet inspection, IPS, web filtering, application control, SSL inspection and VPN in a single device. This guide covers the initial setup of a FortiGate 40F, 60F or 80F for a small business office with a standard ISP modem/router upstream. All instructions apply to FortiOS 7.2 and 7.4.
FortiGate security policy design, FortiGuard subscription configuration, SSL inspection and advanced features require detailed planning based on your network architecture. Incorrect firewall policies can block legitimate traffic or leave the network exposed. Engage a certified Fortinet partner for production deployments.
Step 1: Physical Connections
Connect the Hardware
Before powering on the FortiGate:
- Connect your ISP modem/router LAN port to FortiGate WAN1 port (labelled WAN1 or port 1 depending on model) using an Ethernet cable
- Connect your office switch to FortiGate LAN port (usually port 2 or the dedicated LAN port) – or connect a single PC directly to the LAN port for initial configuration
- Connect the power adapter and power on the FortiGate
Wait 60 to 90 seconds for the FortiGate to fully boot. The STATUS LED will turn solid green when ready.
Step 2: Access the Web GUI
Connect to the Management Interface
The default LAN IP address for most FortiGate models is 192.168.1.99. Set your PC’s IP address to the same subnet:
- Windows: Settings > Network > Ethernet > Edit IP address > Manual > IPv4 enabled > IP: 192.168.1.100, Subnet: 255.255.255.0, Gateway: 192.168.1.99
Open a browser and go to https://192.168.1.99. Accept the SSL certificate warning (the FortiGate uses a self-signed certificate by default). The FortiGate login page will appear.
Login with:
- Username: admin
- Password: (blank on first login, or set during hardware registration on FortiOS 7.2+)
Step 3: Change Admin Password Immediately
The default admin account with a blank password is a critical security vulnerability. Anyone who can reach the management interface can access the firewall. Change it before connecting to the internet or configuring any policies.
Set a Strong Admin Password
After login, go to System > Administrators. Click on the admin account. Click Change Password. Enter a strong password of at least 16 characters including uppercase, lowercase, numbers and symbols. Click OK.
Also consider creating a separate named admin account for your use and disabling or limiting the default admin account for production environments.
Step 4: Run the Setup Wizard
Configure WAN Interface
The FortiGate setup wizard launches automatically on first login. If not, go to Dashboard > Status > Setup Wizard.
Configure the WAN interface (wan1 / port1):
- DHCP: Select if your ISP modem assigns an IP automatically (most common for Unifi, Maxis, TIME)
- Static IP: Select if your ISP has given you a fixed WAN IP address. Enter the IP, subnet mask, gateway and DNS servers provided by your ISP
- PPPoE: Select if you have a DSL connection that requires a username and password
After configuring the WAN interface, click Next.
Configure LAN Interface and DHCP
On the LAN interface page, set the FortiGate’s internal IP address. The default is 192.168.1.99/24. Change this to your preferred internal subnet if needed (e.g. 192.168.10.1/24).
Enable the DHCP Server to assign IP addresses to office devices. Set the IP range (e.g. 192.168.1.100 to 192.168.1.200), default gateway (FortiGate LAN IP), and DNS servers (use 1.1.1.1 or 8.8.8.8 as primary/secondary).
Set Time Zone
Set the time zone to Asia/Kuala_Lumpur (UTC+8). Correct time is essential for log timestamps, certificate validity and scheduled tasks. Enable NTP synchronisation with pool.ntp.org.
Step 5: Update Firmware
Update to Latest Stable Firmware
Go to System > Firmware & Registration. Click Check for Updates. FortiGate will check the Fortinet update servers.
Look for the latest stable release (not Feature release). Stable releases have the designation GA (General Availability) and fewer known bugs. For 40F and 60F models, FortiOS 7.4 is the current recommended stable release.
Click Backup configuration first, then click Upgrade. The FortiGate will download and install the firmware and reboot. This takes 3 to 5 minutes. Do not power off during this process.
Step 6: Verify Internet Connectivity
Test from FortiGate CLI
Open the CLI console in the GUI (right side of the top menu bar, the terminal icon) or use an SSH client to connect to the FortiGate IP. Run:
execute ping 8.8.8.8
execute ping google.com
If pings succeed, the FortiGate WAN connection and DNS are working. Now test from a client PC on the LAN – open a browser and confirm internet access is working.
Step 7: Verify Firewall Policy
Confirm LAN to WAN Policy
Go to Policy & Objects > Firewall Policy. A default policy allowing LAN-to-WAN traffic with NAT enabled should exist from the setup wizard. Verify it shows:
- Incoming Interface: LAN (or internal)
- Outgoing Interface: WAN1
- Source: all
- Destination: all
- Action: ACCEPT
- NAT: Enabled
If this policy does not exist, create it with the above settings. Without this policy, LAN clients cannot access the internet even if the WAN is connected.
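The Step 7 checklist can also be verified offline against the configuration backup taken in Step 5. The following Python is an added example, not Fortinet tooling or part of the original guide; the sample backup text is constructed, and the interface names internal and wan1 are assumptions to replace with the names used in your own configuration.

```python
import shlex

# Constructed sample: the policy section of a FortiOS configuration backup.
SAMPLE_BACKUP = """\
config firewall policy
    edit 1
        set name "LAN to WAN"
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set nat enable
    next
    edit 2
        set srcintf "guest"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "DNS"
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {field: [values]}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif in_block and current is not None and line.startswith("set "):
            _, field, *values = shlex.split(line)  # shlex keeps quoted names whole
            current[field] = values
        elif line == "next":
            current = None
        elif line == "end" and current is None:
            in_block = False
    return policies

def step7_deviations(policy, lan="internal", wan="wan1"):
    """Fields of one policy that differ from the Step 7 checklist (lan/wan are assumed names)."""
    want = {"srcintf": [lan], "dstintf": [wan], "srcaddr": ["all"],
            "dstaddr": ["all"], "action": ["accept"], "nat": ["enable"]}
    return sorted(k for k, v in want.items() if policy.get(k) != v)
```

A policy with an empty deviation list matches the checklist. A missing `set nat` line counts as a deviation because a backup that has no such line for a policy means NAT is disabled on it.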
At this point your FortiGate is operational with a changed admin password, updated firmware, working internet and a basic allow-all LAN-to-WAN policy. Next steps should include configuring FortiGuard subscriptions, enabling IPS and web filtering profiles, creating security policies to replace the allow-all rule, and configuring SSL VPN for remote access.
