Enabling the Service and its Configuration
Ordering the Service
To get started with the FortiGate firewall, you need to order it in the Control panel:
- Go to the Network Services → Firewalls section in the Control panel.
- Click Order firewall.
- Select the location (the availability of the devices may differ depending on the selected zone).
- Select your device.
- Click Pay.
- Specify the payment period and click Pay for Service.
- In the ticket, please specify information about the range of IP addresses (learn more) that you want to protect by a firewall.
Please note that if want to protect a new range of IP addresses, you need to order the Additional range of IPv4 addresses service and specify the range in this ticket.
After connecting, the ticket will provide information for accessing the device. It will be possible to connect to it through the console or through the graphical interface.
To connect through the graphical interface, enter the received IP address of the device and then the login and password received in the ticket.
Renaming the Firewall
To rename the firewall, go to the System → Settings section and specify the new name in the Host name field.
To rename the firewall through the CLI, enter the following:
config system global set hostname neXX end
Changing the Administrator’s Password
To change the admin’s password, go to the System → Administrators section, select the admin user in the list and click Edit. Select Change password and fill in the fields.
To change the password through the CLI, enter the following:
config system admin edit admin set password <admin_password> end
Please make a backup before updating.
To check the current firmware version, go to the System → Firmware tab. If a new version is available, a notification will appear on the tab. Click Update to update the system.
To update the system to the required version manually, download the firmware file of the desired version that should be requested from Selectel.
The current stable version of FortiOS is 6.2.5 build1142, which is recommended for update (as of 10.2020). According to the vendor’s recommendations, the update to the newest versions (6.4+) must be performed if there is a reasonable need, for example, new functionality and/or fixing known problems and vulnerabilities, the relevance of which is monitored by the client (see FortiOS Release Notes).
To receive an update, create a ticket that specifies that you need a firmware update for FortiGate and the following details:
- equipment number (neXX);
- exact current version of the FortiOS firmware;
- exact desired version of the FortiOS firmware;
- if the desired version is higher than 6.2.5, then the reason for the upgrade (for example, «The need for use is due to the fact that the SAML SP for VPN authentication function was announced in version 6.4»).
The response ticket will contain the Upgrade path list with a sequence of firmware versions, according to which you need to gradually update the operating system, as well as the firmware files themselves (with the .out extension).
For example, to update from 6.0.4 to 6.4.0, the Upgrade path is as follows:
- 6 0.4 build0231
- 6.2.0 build0866
- 6.2.2 build1010
- 6.4.0 build1579
Following the above mentioned list:
- Sequentially upload three files in FortiGate: 6.2.0 build0866, 6.2.2 build1010, and 6.4.0 build1579. To do this, select the files by clicking Upload Firmware → Browse in the System → Firmware section.
- Click Backup config and upgrade after uploading the file.
- You will see a warning that upgrading the firmware will cause the system to reboot.
- Click Continue. A reboot will start and as a result, the already updated system will start.
Please note that updating the FortiGate operating system is software-based, therefore, it belongs to the administration area in the customer’s area of responsibility. That is, it is performed by the customer.
Backup and Restore
To create a backup, select Configuration → Backup from the drop-down menu of the current user. If necessary, you can save the encrypted file by enabling the Encryption switch.