How to create a basic configuration on a FortiGate

Let’s look at some useful commands on a FortiGate firewall.

Assume that you have a Fortinet FortiGate device, your local IP address is in the range of and you have a router with a public IP address and a public subnet.

config system global
    # Set the http admin port to 80/tcp
    set admin-port 80
    # Set the https admin port to 443/tcp
    set admin-sport 443
    # Set the ssh admin port to 22/tcp
    set admin-ssh-port 22
    # Set the telnet admin port to 23/tcp
    set admin-telnet-port 23
    # Set the hostname
    set hostname "CompanyFirewall"
    # Set the ntp server to "" and enable it
    set ntpserver ""
    set ntpsync enable
    # Set to 43200 seconds the tcp-halfclose timer
    set tcp-halfclose-timer 43200
end
# Set the telnet 23/tcp port timeout to 43200 seconds.
# This is very useful if you have an AS400 (iSeries) to avoid session
config system session-ttl
    set default 43200
    config port
        edit 23
            set timeout 43200
        next
    end
end
# Set the IP address and administrative access options (ping https http) for INTERNAL interface.
config system interface
    edit "internal"
        set ip
        set allowaccess ping https http
        set type physical
    next
    # Set the IP address and administrative access options (ping https) for WAN1
    # Set "gateway Detect" option enable and set the "Ping Server" destination.
    # Set the interface speed to 10 Mb/s Half Duplex, this is useful for some connections like radio bridge.
    edit "wan1"
        set ip
        set allowaccess ping https
        set gwdetect enable
        set detectserver ""
        set type physical
        set speed 10half
    next
end
# Set DNS Servers and DNS options
config system dns
    set primary
    set secondary
    set domain ''
    set autosvr disable
    set dns-cache-limit 5000
    set cache-notfound-responses disable
end
# Set a firewall policy to enable traffic from INTERNAL TO WAN1 using NAT
# Set a protection profile (a default one) called "scan"
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set profile-status enable
        set profile "scan"
        set nat enable
    next
end
# Set a default gateway on the WAN1 interface
config router static
    edit 1
        set device "wan1"
        set gateway
    next
end
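
An added example, not part of the original page: a small Python check that parses "config system interface" blocks like the ones above and reports cleartext administrative protocols (http, telnet) and any administrative protocol enabled on an external interface. The sample config, the function names and the "external" parameter (which interfaces count as Internet-facing) are assumptions made for this illustration.

```python
import re

# Constructed sample in the tutorial's syntax (not taken from a real device).
SAMPLE = """\
config system interface
    edit "internal"
        set allowaccess ping https http
    next
    edit "wan1"
        set allowaccess ping https
    next
end
"""

CLEARTEXT = {"http", "telnet"}             # admin protocols sent unencrypted
MGMT = {"http", "https", "ssh", "telnet"}  # protocols that expose an admin login

def parse_interfaces(text):
    """Map interface name -> set of allowaccess protocols."""
    access, stack, name = {}, [], None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))      # track nested config blocks
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack and stack[-1] == "system interface":
            if tok[0] == "edit" and len(tok) > 1:
                name = tok[1]
                access.setdefault(name, set())
            elif tok[:2] == ["set", "allowaccess"] and name:
                access[name] = set(tok[2:])
    return access

def audit(text, external=("wan1",)):
    """Return (interface, finding) pairs; `external` names are an assumption."""
    findings = []
    for name, protos in parse_interfaces(text).items():
        for p in sorted(protos & CLEARTEXT):
            findings.append((name, f"cleartext admin protocol: {p}"))
        if name in external and protos & MGMT:
            exposed = " ".join(sorted(protos & MGMT))
            findings.append((name, f"admin access on external interface: {exposed}"))
    return findings

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE):
        print(f"{iface}: {finding}")
```

A configuration that keeps only ping on the external interface and drops http and telnet from allowaccess everywhere produces no findings.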