1. Unbox FortiGate or initialize a new VM. Start by unboxing the FortiGate, then connect the power cord and boot the FortiGate. If deploying a FortiGate VM, initialize a new VM by following the hypervisor's VM deployment guide.
2. Note the factory default settings:
   IP: 192.168.1.99.
   Subnet Mask: 255.255.255.0.
   Gateway: 192.168.1.99.
   Default login user: admin.
   Default password: (blank).

3. Access the FortiGate GUI: To begin the initial configuration, connect the computer to the MGMT interface on mid-range and high-end models. Entry-level FortiGates do not have MGMT interface: they use the port1 interface instead. If connecting to a VM, it may be necessary to reconfigure the VM and the computer to be on the same VLAN.

Open a browser navigate to https://192.168.1.99 and enter the default username admin with no password. FortiGate should provide a prompt to update the default password:

• If the login page fails to load, make sure the https:// is included in the URL.
• If the login page can't still be accessed, open a command prompt and ping 192.168.1.99.
• If there are no ICMP echo replies, review the IP address and netmask of the computer to ensure that they are on the same broadcast domain using ipconfig /all.
• If the computer's ethernet port does not have an IP address, has 169.254.x.x, or has an IP address other than 192.168.1.x 255.255.255.0: type ncpa.cpl in the Microsoft Windows command line, right-click the ethernet interface and select Properties, then use the IP address 192.168.1.110 255.255.255.0. 

Optionally, set the Default Gateway and DNS to 192.168.1.99.

4. Configure LAN interface.
   1. Open Network -> Interfaces then select and edit an interface that will be used for the Local Area Network (LAN). In general, it is recommended to use interface port2 or an internal interface and assign a preferred private LAN address. Avoid using 192.168.1.0/24 because some ISPs use that same subnet on their ISP device. One option is to use 10.0.10.1/24 as shown below.

Additionally, enable the DHCP server unless an internal DHCP server is being used, or if it is preferable to assign static IP addresses to hosts.

2. Save the changes by clicking the OK button. Next, unplug the computer from the MGMT port or port1 and connect to the designated LAN port, which is port2 in the example above.

• If a static IP address was assigned to the computer's ethernet port, open ncpa.cpl and set TCP/IPv4 Properties back to its default settings.

3. Open the browser and navigate to the IP address assigned on the LAN interface or https://10.0.10.1 in the example above. It should be possible to log in to the FortiGate GUI through the LAN IP address. If the login was not possible, try to statically assign the IP address 10.0.10.9, subnet mask 255.255.255.0, gateway 10.0.10.1, and DNS 10.0.10.1.

5. Configure the WAN interface. Connect the WAN interface or port1 (if that is the preferred WAN interface) to the ISP device if it is not connected yet, then proceed to step number 6 if the ISP did not assign the company a static public IP address.

If the ISP assigned the company a public IP address:

1. Open Network -> Interfaces, then edit the WAN interface and select Manual in the Addressing mode. Next, set the first valid IP address assigned by the ISP and the correct netmask, uncheck all Administrative Access options, and select the OK button to save the settings. The example below uses 192.168.2.2/24 for demonstration purposes.

2. Open Network -> Static Routes and add a default route. Select the WAN interface and set the Gateway Address accordingly based on the ISP assigned gateway and select the OK button. In the example below, 192.168.2.1 was used because it is the next hop.
   
   

6. Configure firewall policy and enable NAT.
   Open Policy & Objects -> Firewall Policy and select Create New. Set the settings similar to the example below, but do not forget to enable NAT and select the OK button to save. It should now be possible to connect to the Internet. After completing the initial internet test, set the applicable security profiles such as Web Filter and Anti-Virus.