Fortinet Firewall Fortigate-30D Basic Configuration and NAT Set up Steps - NETSEC



Monday, November 3, 2014


A new Fortigate-30D firewall was shipped to me, and I am working on testing it in our network environment to see how it performs. The device is quite small, about the size of a seven-inch tablet. After unpacking the box, we find one Ethernet cable, one USB cable, one power adapter and a manual.

On the back of the Fortigate-30D there are 4 x GE RJ45 switch ports, one GE RJ45 WAN port, one USB port and one small USB management port. Beside the small USB management port (4) are a small reset hole and the DC power adapter port.



1. Power on your Fortigate-30D device and log in with your laptop

Connect your laptop to one of the four GE RJ45 switch ports and set your laptop as a DHCP client. You will get a 192.168.1.x/24 IP address, mostly it is From your browser, browse to webpage

After you click the 'Proceed anyway' button, the login window pops up. The user name is admin and there is no password. Click the Login button directly and you will get into the Web GUI management interface.

Initial configuration for the port1 (Mgmt) interface. From the command line, set a static IP on port1 so you can connect to it from your browser:

config system interface
    edit port1
        set ip
        append allowaccess http
    next
end

show system interface

Set up default gateway:

config router static
    edit 1
        set device port1
        set gateway
    next
end

2. Configure LAN and WAN Interfaces

3. Changing the admin password.

4. Add a default route.

5. Add a new Virtual IP Mapping for Destination NAT-ting or Port Forwarding configuration

Note: for source NAT, the configuration is on the policy. When you create a firewall rule, check Enable NAT with Use Destination Interface Address.

Rule #2 will do one source NAT and one destination NAT when there is traffic from WAN to access ip
  • NAT any WAN Source IP Address to LAN Interface IP Address (
  • NAT destination ip address from to

6. Add a new policy rule from WAN to LAN vip address. 
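The virtual IP from step 5 and the WAN-to-LAN rule from step 6, written as FortiOS CLI. This is an added example, not configuration from the original post. The interface names wan and lan, the object name, the documentation-range addresses and the choice of TCP 443 are assumptions, since the post's own addresses are not shown.

```fortios
config firewall vip
    edit "vip-web-example"
        set comment "constructed example: placeholder addresses, not from the post"
        set extintf "wan"
        set extip 192.0.2.10
        set mappedip 192.168.1.100
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end
config firewall policy
    edit 2
        set comments "constructed example: WAN to LAN VIP, single service, logged"
        set srcintf "wan"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "vip-web-example"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
        set nat enable
    next
end
```

Forwarding a single port and matching a single service in the policy keeps the rest of the internal host unreachable from the WAN. `set nat enable` is the CLI form of the Enable NAT checkbox, so the rule also source-NATs to the LAN interface address as the note in step 5 describes.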

7. Test

Using iperf to do a performance test from to NAT-ed WAN IP (LAN IP address is
From WAN to LAN, I am able to push traffic up to 890Mb/s. Between LAN, it hits 926Mb/s.

8. Demo Site of Fortimanager and Fortigate Product (140D-POE)

Login name is: demo
Password is: demo

10. Basic CLI Commands

  • FGT30D3X1400171 $ execute ping

PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from icmp_seq=1 ttl=64 time=0.6 ms

--- ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.7 ms



1 comment:

  1. Thanks for the config guide. Firewall configuration could be such a chore