FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.


This article explains how to replace a TM UniFi Router with a FortiWiFi 80CM.

TM UniFi ( is a bundled triple play service from Telekom Malaysia offering High Speed Internet, HyppTV (IPTV) and Voice.




FortiWiFi 80CM interface:


Initial Configuration Steps:



1.       Connect your PC's network card to LAN port 1 of the FW80CM internal interface.

2.       Set your PCs IP address to with a subnet mask of

3.       Open up your web browser and head over to

4.       The default login for this switch is the username 'admin' with a blank password.




VLAN Configuration Steps:



It's now time to begin the configuration of the VLANs. Please note that I've written this guide with this particular configuration in mind :



  • WAN1 of the FW80CM will be connected to the BTU
  • DMZ of the FW80CM will be connected to the IPTV STB
  • LAN port 1~6 of the FW80CM will be connected to your PC & network device
  • WiFi of the FW80CM for Laptop with WiFi capable




Note: This guide is written based on FortiOS v4.3 (Steps should be more or less then same for any other MR)




To get your VLAN configuration running, simply follow these settings :




Create a VLAN500 for PPPoE:

1) Go to “System” > “Network” > “Interface”

2) Click "Create New"

3) Follow the settings in the screenshot, and configure your UniFi username & password accordingly:







Create a VLAN600 for IPTV (ignore this step if you not plan to use IPTV):

1) Go to “System” > “Network” > “Interface”

2) Click "Create New"

3) Follow the settings in the screenshot








Configure firewall policy for internal/WiFi to PPPoE interface:

1)      Purge all the default firewall policies, it’s not applicable in this case

2)      Internal to PPPoE:


3)      WiFi to PPPoE:







Configure bridge connection for IPTV (Ignore this steps if you not plan to use IPTV):



1)      Enable VDOM (Virtual Domain) via System Status

2)      Go to System > VDOM > VDOM, create a new VDOM “iptv”
- make sure Operation Mode is “Transparent”, configure dummy IP for Management IP & Default Gateway

3)      Go to “System” > “Network” > “Interface”, change VDOM for “wan.iptv” &” dmz” port

4)      Switch current VDOM to “iptv”:

5)      Create inbound & outbound firewall policy for “wan.iptv” & “dmz”

6)      Switch the VDOM to Global, go to “System” > “Dashboard” > “Status”, you will see a java base CLI console:

7)      Type the command given below to enable bypass multicast policy:
config vdom
edit iptv
config system settings

             set multicast-skip-policy enable





Note: Don’t forget to secure your WiFi, default ESSID is “Fortinet” without encryption