Network

Fortigate EVE-NG Installation and Configuration

Muscal 2 years ago 1

In this blog, we will add Fortigate in a topology we created on Eve-NG. Then we will add a windows 7 and connect the windows7 machine to the internet. First of all, you need to look at the topology below.

Fortigate EVE-NG toploji

I briefly explain the above aggregation. There is a 192.168.10.0./24 network in the LAN area. Connected to this network is a Windows 7 with ip address 192.168.10.10/24. Our 192.168.10.0/24 network is connected to Fortigate’s port1 and its ip address is set to 192.168.10.1/24. Our 10.100.100.0/24 network connected to Fortigate’s port2 is set as WAN zone. Fortigate’s port2 has an ip address of 10.100.100.100.51/24

Adding Windows 7, Fortigate EVE-NG ve Switch

First, we add the Windows7 node to EVE-NG as shown in the picture. You can use Windows 10 or Ubuntu if you want.

Windows 7

In this section, we add the Fortigate node. In order to add these nodes, you must have previously installed qemo files in EVE-NG. I may write a blog about EVE-NG installation and node addition processes in the future.

4 fortigate add node eve ng fortigate

To connect Windows 7 to Fortigate, we put a Cisco switch between Windows7 and Fortigate.

3 add switch eve ng lab 1 fortigate

In the next step we will give an ip address to Fortigate Port2. Before this step we starts all nodes.

Setting ip address to Fortigate Port2

First we click on Fortigate and after clicking we open it with putty. After opening, we enter EVE-NG qemo Fortigagte username admin password as Default. So there is no password. Direct Enter. Then it asks us to set an admin password. Let’s set the password.

6 fortigate eve ng set password fortigate

After setting the password, the first thing we do is to check if there is an ip configuration on the interfaces. Let’s check with this command.

show system interface
5 fortigate show system interface fortigate

We have checked the ip addresses on the ports. Now we will give ip address to port2.

config system interface
edit port2
set mode static
set ip 10.100.100.51 255.255.255.0
set allowaccess ping http https
end
7 set fortifate port ip address fortigate

Now port2 interface is on the same network as 10.100.100.0/24 with eve-ng installed. When we type http:10.100.100.100.51/login from our computer’s browser, the login screen will appear as below.

8 eve forti web 1 fortigate

Setting the port for LAN and setting the WAN

After this stage, we will adjust the settings of port1 and assign roles to port2 from here. First select network>interfaces from the left menu. We select port1 from the menu that opens and edit it. We must enter all the information completely as I show in the picture below. If you set the ip addresses differently at first. You should set this information according to the ip addresses you set yourself.

9 set port1 lan fortigate

Then select port2 from the same menu. After selecting it you will see the ip address. We have already set these with cli. In this step we will only add alias and role. You can enter by checking as in the picture.

10 set port2 wan mode fortigate

Setting IP addresses Windows 7

In this step we will boot Windows 7 from the EVE-NG web interface. Then we will set the ip address. After setting the ip address, we will ping the default gateway 192.168.10.1 ip. We defined this ip above.

From the EVE-NG web interface we click on Windows 7 and open it with VNC.

11 open vnc win7 fortigate

We set the Windows 7 ip address in the network settings as shown in the picture.

12 set windows 7 ip address fortigate

After setting the ip address, we ping the default gateway.

13 ping lan port fortigate fortigate

Pinging successfully. The next step is to access Fortigate from the web interface with http://192.168.10.1/login. A screen like the one below will appear.

14 web login lan port fortigate

Writing rules and accessing the internet

Now we can access the fortigate web interface both from our computer and from windows 7 that we have installed on EVE-NG. In this step we will write a rule and grant access to the internet.

Note: port2 is the WAN port in a real topology, i.e. the port facing the outside world. We can never open it for management access. We even close it to ping.

Note2: We never write an all>all rule in a real topology.

15 create policy fortigate fortigate
16 create policy fortigate 2 fortigate

After writing the rule and clicking OK, we should have written a rule like the one below.

17 after rule writed fortigate

The rule writing process is complete.

Testing the internet connection.

After completing all the steps I have explained step by step above, our windows7 device should be accessing the internet.
First, we ping the 8.8.8.8.8 dns address.

20 windows7 to ping 8.8.8.8 fortigate

As you can see, our Windows 7 device can ping the 8.8.8.8.8 google DNS address. Now let’s open the chrome browser and do any search.

21 test internet fortigate

The search is also complete. After this step you can grow the community yourself. You can do NAT operations by creating a DMZ zone and adding a Server here. I will be publishing the video of this document on youtube shortly.

Muscal

One thought on “Fortigate EVE-NG Installation and Configuration

  1. Pingback: Network Security Components for Global - Config Zone

Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

Powershell

Diagnostics and Feedback, WAP Push Service on Windows 10

Tue Apr 25 , 2023
We continue with the powershell processes to optimize and accelerate Windows 10/11. You must run powershell as administrator before running all these commands. These proccess work perfectly fine on windows 10. It may give some errors in windows 11. Previous articles can be found here. Diagnostics and Feedback The Connected […]
Diagnostics and Feedback

You May Like