How to setup WAN (Wide Area Network) and LAN (Local Area Network) interfaces on a FortiGate firewall

Setting up WAN (Wide Area Network) and LAN (Local Area Network) interfaces on a FortiGate firewall involves configuring the network interfaces, assigning IP addresses, and defining security policies to manage traffic between them. Here’s a step-by-step guide:

1. Access the FortiGate Device

• Web Interface: Connect to the FortiGate’s management interface via a web browser. By default, the management IP is usually 192.168.1.99.
• CLI Access: If using a console connection, use a terminal program (e.g., PuTTY or Tera Term) to access the device.

2. Configure the LAN Interface

• Go to Interfaces:
  • In the Web Interface, go to Network > Interfaces.
• Edit LAN Interface:
  • Find the internal interface (typically labeled internal or lan) and click Edit.
  • Assign the following settings:
    • Interface Name: (e.g., LAN or internal)
    • Addressing mode: Choose Manual.
    • IP/Netmask: Assign a static IP address for the LAN, e.g., 192.168.1.1/24.
    • Interface Role: Set this to LAN.
    • Administrative Access: Enable HTTPS or Ping (for management purposes).
• Apply Settings: After configuration, click OK to save changes.

3. Configure the WAN Interface

• Go to Interfaces:
  • Go to Network > Interfaces again.
• Edit WAN Interface:
  • Find the external interface (usually labeled wan or external) and click Edit.
  • Assign the following settings:
    • Interface Name: (e.g., WAN or external)
    • Addressing mode: Choose either Manual (for static IP) or DHCP (if getting an IP dynamically from the ISP).
    • IP/Netmask: For static, assign the IP address provided by your ISP (e.g., 203.0.113.2/24).
    • If using DHCP, the IP will be assigned automatically.
    • Interface Role: Set this to WAN.
• Apply Settings: Click OK to save changes.

4. Configure Routing (Static Route)

• Define Default Route for WAN:
  • If using a static WAN IP, go to Network > Static Routes.
  • Click Create New to define a route for outbound traffic.
    • Destination: Set to 0.0.0.0/0 (for all internet traffic).
    • Gateway: Set to the default gateway IP provided by your ISP (e.g., 203.0.113.1).
    • Interface: Choose the WAN interface.
• Apply Route: Click OK.

5. Configure Security Policies (LAN to WAN Traffic)

• Go to Policies:
  • In the Web Interface, go to Policy & Objects > IPv4 Policy.
• Create a Policy for LAN to WAN Traffic:
  • Click Create New to define a new security policy.
  • Incoming Interface: Set to LAN.
  • Outgoing Interface: Set to WAN.
  • Source: Select all (or specify specific IP addresses or address groups).
  • Destination: Set to all (or specific destination addresses).
  • Action: Set to Accept.
  • NAT: Enable NAT to allow LAN users to access the internet.
• Apply Policy: Click OK to save the policy.

6. Verify and Test Connectivity

• Ping Test from LAN:
  • Test the LAN-to-WAN connectivity by pinging an external address (e.g., 8.8.8.8) from a device on the LAN.
• Check Status:
  • Go to Dashboard > Status to monitor the interfaces and see if the WAN interface has internet connectivity.

7. Optional: Set Up DHCP Server for LAN

If you want the FortiGate to assign IP addresses to devices on the LAN dynamically, enable the DHCP server:

• Go to Network > Interfaces.
• Click Edit on the LAN interface.
• Enable DHCP Server and configure the IP range (e.g., 192.168.1.100 to 192.168.1.200).
• Apply Settings.

Final Steps:

1. Save Configuration: After all settings are configured, make sure to save the configuration.
2. Backup Configuration: Always back up the configuration once the setup is complete, under System > Dashboard > System Information.

By following these steps, you’ll have successfully configured the WAN and LAN interfaces on your FortiGate firewall. The LAN will be able to communicate internally, and devices on the LAN will have internet access via the WAN. If you need advanced routing, VPNs, or other features, these can be configured in addition to this basic setup.