Real Network Security & Firewall Configuration Guides

How to Configure DHCP Server and Firewall Policy in FortiGate (Step-by-Step Guide)

🔷 Introduction

In modern networks, automatic IP address assignment is essential for efficient management. This is where DHCP (Dynamic Host Configuration Protocol) comes in.

In this guide, you’ll learn how to configure a DHCP server and firewall policy on FortiGate using both GUI and CLI methods. This is a real-world configuration used by network engineers in enterprise environments.


📌 What You’ll Learn

  • How to configure a DHCP server on FortiGate

  • How to assign IP address ranges

  • How to create a firewall policy for internet access

  • Basic CLI commands for FortiGate


🔧 Step 1: Login to FortiGate Firewall

  1. Open your browser

  2. Enter the FortiGate IP address (e.g., https://192.168.1.1)

  3. Login using admin credentials


🔧 Step 2: Configure DHCP Server (GUI Method)

  1. Go to Network → Interfaces

  2. Select your internal interface (e.g., lan)

  3. Enable DHCP Server

Configure the following:

  • IP Range: 192.168.1.100 – 192.168.1.200

  • Subnet Mask: 255.255.255.0

  • Default Gateway: 192.168.1.1

  • DNS Server: 8.8.8.8 or FortiGate default

  4. Click OK / Apply


💻 DHCP Configuration Using CLI

config system dhcp server
    edit 1
        set interface "lan"
        set lease-time 86400
        config ip-range
            edit 1
                set start-ip 192.168.1.100
                set end-ip 192.168.1.200
            next
        end
        set netmask 255.255.255.0
        set default-gateway 192.168.1.1
        set dns-server1 8.8.8.8
    next
end

🔧 Step 3: Create Firewall Policy

Now we allow users to access the internet.

  1. Go to Policy & Objects → Firewall Policy

  2. Click Create New

Configure:

  • Name: LAN-to-WAN

  • Incoming Interface: LAN

  • Outgoing Interface: WAN

  • Source: all

  • Destination: all

  • Service: ALL

  • Action: ACCEPT

  • Enable NAT

  3. Click OK


💻 Firewall Policy Using CLI

config firewall policy
    edit 1
        set name "LAN-to-WAN"
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
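
The LAN-to-WAN policy above accepts any source, any destination and every service. The Python sketch below is an added example, not part of the original guide or of Fortinet's tooling: it parses a "config firewall policy" block and reports which of those three fields each accept policy leaves unrestricted. The sample config is constructed and trimmed to the fields the audit reads; policy 2 and its "LAN-subnet" address object are hypothetical.

```python
import shlex

# Constructed sample: policy 1 mirrors this page's LAN-to-WAN policy;
# policy 2 and the "LAN-subnet" address object are hypothetical.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "LAN-to-WAN"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 2
        set name "LAN-web-only"
        set srcaddr "LAN-subnet"
        set dstaddr "all"
        set action accept
        set service "HTTP" "HTTPS" "DNS"
    next
end
'''

# Field -> value that means "no restriction" in a firewall policy.
WIDE = {"srcaddr": "all", "dstaddr": "all", "service": "ALL"}

def parse_policies(text):
    """Return {policy_id: {field: [values]}} from a 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # handles quoted, multi-value settings
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif not tokens or not in_block:
            continue
        elif tokens[0] == "edit":
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "end":  # assumes no nested config blocks in a policy
            in_block, current = False, None
    return policies

def audit(policies):
    """Return (policy_id, name, unrestricted_fields) for each accept policy."""
    findings = []
    for pid, p in policies.items():
        wide = [f for f, v in WIDE.items() if v in p.get(f, [])]
        if p.get("action") == ["accept"] and wide:
            findings.append((pid, p.get("name", [""])[0], wide))
    return findings
```

For the sample, policy 1 is reported with all three fields unrestricted, while policy 2 is reported only for its destination.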

🔍 Step 4: Verification

After configuration:

✅ Connect a device to the LAN
✅ Check that it receives an IP address automatically
✅ Test internet access (ping google.com)


⚠️ Common Issues & Fixes

❌ No IP Assigned

  • Check that DHCP is enabled on the correct interface

  • Verify cable connection

❌ No Internet Access

  • Check firewall policy

  • Ensure NAT is enabled

❌ Wrong IP Range

  • Recheck DHCP configuration


✅ Conclusion

You have successfully configured:

✔ DHCP Server on FortiGate
✔ IP address allocation
✔ Firewall policy for internet access

This setup is essential for networks of any size, from small offices to enterprises.


📢 Final Thoughts

If you’re learning networking or working as a network engineer, mastering FortiGate configurations like this is extremely valuable.

👉 Practice this in your lab to fully understand the behavior.


🔗 Related Topics

  • VLAN Configuration in FortiGate

  • NAT Policy in FortiGate

  • Basic Firewall Rules Explained

