GabrielAuYong_FTNT

Description

This article explains how to replace a TM UniFi Router with a FortiWiFi 80CM.

TM UniFi (http://www.unifi.my) is a bundled triple play service from Telekom Malaysia offering High Speed Internet, HyppTV (IPTV) and Voice.


Scope

FortiWiFi


Solution

FortiWiFi 80CM interface:

gauyong_FD33377_photo1.jpg

Initial Configuration Steps:

1. Connect your PC's network card to LAN port 1 of the FW80CM internal interface.

2. Set your PC's IP address to 192.168.1.100 with a subnet mask of 255.255.255.0.

3. Open your web browser and go to https://192.168.1.99

4. The default login for this unit is the username 'admin' with a blank password.

VLAN Configuration Steps:

It's now time to begin the configuration of the VLANs. Please note that I've written this guide with this particular configuration in mind:

  • WAN1 of the FW80CM will be connected to the BTU
  • DMZ of the FW80CM will be connected to the IPTV STB
  • LAN ports 1~6 of the FW80CM will be connected to your PCs and network devices
  • WiFi of the FW80CM will serve WiFi-capable laptops

Note: This guide is written based on FortiOS v4.3 (the steps should be more or less the same for any other MR).

To get your VLAN configuration running, simply follow these settings:

Create a VLAN500 for PPPoE:

1) Go to “System” > “Network” > “Interface”

2) Click "Create New"

3) Follow the settings in the screenshot, and configure your UniFi username & password accordingly:

gauyong_FD33377_photo2.jpg

Create a VLAN600 for IPTV (ignore this step if you do not plan to use IPTV):

1) Go to “System” > “Network” > “Interface”

2) Click "Create New"

3) Follow the settings in the screenshot

gauyong_FD33377_photo3.jpg

Configure firewall policy for internal/WiFi to PPPoE interface:

1) Purge all the default firewall policies; they are not applicable in this case

2) Internal to PPPoE:

gauyong_FD33377_photo4.jpg

3) WiFi to PPPoE:

gauyong_FD33377_photo5.jpg

Configure bridge connection for IPTV (ignore these steps if you do not plan to use IPTV):

1) Enable VDOM (Virtual Domain) via System Status
gauyong_FD33377_photo6.jpg

2) Go to System > VDOM > VDOM, create a new VDOM “iptv”
- Make sure Operation Mode is “Transparent”, and configure a dummy IP for the Management IP and Default Gateway
gauyong_FD33377_photo7.jpg

3) Go to “System” > “Network” > “Interface”, change the VDOM for the “wan.iptv” and “dmz” ports
gauyong_FD33377_photo9.jpg

4) Switch the current VDOM to “iptv”:
gauyong_FD33377_photo10.jpg

5) Create inbound and outbound firewall policies for “wan.iptv” and “dmz”
gauyong_FD33377_photo11.jpg

6) Switch the VDOM to Global, go to “System” > “Dashboard” > “Status”, and you will see a Java-based CLI console:
gauyong_FD33377_photo12.jpg

7) Type the commands given below so that multicast traffic bypasses the firewall policy in the “iptv” VDOM:
config vdom
    edit iptv
        config system settings
            set multicast-skip-policy enable
        end
end

Note: Don’t forget to secure your WiFi; the default ESSID is “Fortinet” with no encryption.
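
The Python script below is an added example, not part of the original article or of any Fortinet tool. It scans a saved configuration backup for the three settings from this guide that weaken the unit's posture: the blank 'admin' password, unencrypted WiFi, and multicast-skip-policy. The backup text is constructed, and the section names `system admin` and `wireless-controller vap`, the `password` and `security` keys, and the rule that a missing line means the default value are assumptions about the backup layout.

```python
SAMPLE = """\
config global
config system admin
edit "admin"
next
end
end
config vdom
edit root
config wireless-controller vap
edit "wlan"
next
end
end
config vdom
edit iptv
config system settings
set multicast-skip-policy enable
end
end
"""  # constructed FortiOS-style backup excerpt, not from a real device

def parse(text):
    stack, table = [], {}  # table maps (vdom, section, edit name) -> {key: value}
    for line in text.splitlines():
        word, _, rest = line.strip().partition(" ")
        if word == "config":
            stack.append([rest, None])  # [section, current edit entry]
        elif word == "end" and stack:
            stack.pop()
        elif word in ("edit", "next") and stack:
            stack[-1][1] = rest.strip('"') or None
        if word in ("edit", "set") and stack:
            vdom = next((e for s, e in stack if s == "vdom"), None)
            row = table.setdefault((vdom, *stack[-1]), {})
            if word == "set":
                key, _, value = rest.partition(" ")
                row[key] = value.strip('"')
    return table

def audit(text):
    """Assumption: a VAP with no 'set security' line is open, the default this article describes."""
    for (vdom, section, entry), kv in parse(text).items():
        if section == "system admin" and "password" not in kv:
            yield f"admin '{entry}': no password set"
        if section == "wireless-controller vap" and kv.get("security", "open") == "open":
            yield f"WiFi '{kv.get('ssid', entry)}': no encryption"
        if kv.get("multicast-skip-policy") == "enable":
            yield f"VDOM '{vdom}': multicast bypasses firewall policy"
```

Call `list(audit(text))` on a backup saved after finishing the steps; the multicast finding is expected for the “iptv” VDOM and is worth investigating in any other VDOM.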