Search Posts

Configure FortiWifi 30D

Firmware update ForiWIfi 30D

A FortiWifi 30D after a factory reset, firmware vesion v5.2.5,build701.
Updating the FortiWifi 30D by clicking on [Update].
The updating proces is done with the tool “FortiExplorer”. With this tool you connect the FortiWifi 30D with USB to your PC/Laptop.

 

Click on [Upload Firmware], browse to the specific firmware (no screenshot), and click on [Upgrade].

 

After some time, the FortiWifi 30D is upgraded to v5.6.1 build 1484. The default password for admin is no password.

The main screen screen of the FortiWifi.

 

Configure interfaces

First 2 interfaces are configured, the WAN interface and the LAN interface. Rightclick on “wan” and click “Edit”.

Make the following changes for the WAN interface:

  • Alias (optional)
  • Role ==> out of LAN, WAN, DMZ, Undefined choose WAN
  • Manual IP/Network Mask
  • Administrative Access, PING is enough for WAN

Click [OK]

 

Make the following changes for the LAN interface:

  • Alias (optional)
  • Interface Members. In this setup I only use “lan”.
  • Role ==> out of LAN, WAN, DMZ, Undefined choose LAN
  • Manual IP/Network Mask
  • Administrative Access, PING, HTTP and HTTPS is good for a LAN interface.

Click [OK]

 

The result is 2 configured interfaces.

 

Configure object

Next 1 address object is made.

Fill in:

  • Name: a suitable name. In this example I start with the VLAN 201, followed by the network address and finally the subnetmask. It is my own standard.
  • Type: in this case IP/Netmask
  • Subnet/IP Range: in this setup 172.16.0.0/255.255.255.0
  • Interface: choose internal
  • Comments: optional.

 

Policies

Next 3 policies are defined:

  • http/https
  • dns
  • deny

In IPv4 Policy create a new policy. Fill in:

  • Name
  • Incoming Interface, here the internal interface is used.
  • Outgoing interface, this one has the wan interface.
  • Source, the address object made previously is set.
  • Destination, all.
  • Service, http and https
  • Action, the connection is accept.
  • NAT, enabled.

If you have a subsription on FortiGuard, you can enable AntiVirus and Web Filter. Since this device has not, I leave them disabled.

 

The same goes for a dns policy.

 

The deny policy was a default accept policy which I changed to a deny policy.

Make sure the sequence is top down. So first the “http https” policy, followed by the “dns” policy and finally the “deny” policy.

 

DNS server

Add DNS servers of your own choice, or make use of the FortiGuard Servers.

 

Routing

In my setup, a routing was needed to the router of provider.

Done.