How to Configure a Basic FortiGate Firewall to Access the Internet

Introduction

Configuring a FortiGate firewall for basic internet access is one of the first steps when deploying a new firewall. While FortiGate is a powerful security device, many internet access issues happen simply because one of the core configuration steps is missing or misconfigured.

In this guide, we’ll walk through a simple and clean FortiGate setup that allows users behind the firewall to access the internet reliably.

Prerequisites

Before starting, make sure you have:

• A FortiGate device with GUI access

• An active internet connection from your ISP

• One interface for WAN and one for LAN

• Admin access to the FortiGate

This guide assumes a basic LAN → Internet setup.

Step 1: Configure WAN Interface

The WAN interface connects FortiGate to the internet.

What to Check

• Go to Network → Interfaces

• Edit the WAN interface

• Set addressing method:

  • DHCP (most ISPs)

  • Or Static IP (if provided by ISP)

• Enable Ping and HTTPS for testing (temporarily)

Make sure the WAN interface receives an IP address.

Step 2: Configure LAN Interface

The LAN interface connects internal users.

LAN Setup

• Assign a private IP address (example: 192.168.1.1/24)

• Enable DHCP Server on the LAN interface

• Configure DNS servers (FortiGate or public DNS)

Clients should receive IP, gateway, and DNS automatically.

Step 3: Configure Default Route

Without a default route, internet access will fail.

Verify Routing

• Go to Network → Static Routes

• Confirm a route exists:

This route tells FortiGate where to send internet traffic.

Step 4: Configure Firewall Policy (LAN to WAN)

Firewall policies control traffic flow.

Required Policy

• Incoming Interface: LAN

• Outgoing Interface: WAN

• Source: LAN subnet

• Destination: all

• Service: ALL

• Action: ACCEPT

• NAT: ENABLED

• Logging: Enabled (recommended)

⚠️ NAT must be enabled for internet access.

Step 5: Configure DNS Settings

DNS issues often look like “no internet”.

DNS Options

• Use FortiGate as DNS server

• Or configure public DNS:

  • 8.8.8.8

  • 1.1.1.1

Make sure DHCP provides correct DNS to clients.

Step 6: Test Internet Access

After configuration:

• Ping 8.8.8.8 from a client

• Try browsing a website

• Check policy logs for allowed traffic

Logs help confirm traffic is matching the correct policy.

Common Problems and Fixes

❌ No Internet Despite Policy

• NAT not enabled

• Wrong interface direction

• Policy order incorrect

❌ FortiGate Has Internet, Clients Don’t

• DHCP not configured

• DNS missing

• Firewall policy missing

❌ Policy Not Matching

• Wrong source or destination object

• Interface mismatch

• Policy placed below deny rules

Best Practices

• Keep initial setup simple

• Enable logs during testing

• Comment firewall policies

• Avoid unnecessary features during first setup

A clean baseline configuration prevents future issues.

Final Thoughts

Configuring basic internet access on a FortiGate firewall is straightforward when the fundamentals are applied correctly: interfaces, routing, policy, and NAT. Most issues occur when one of these steps is skipped or misconfigured. Starting with a clean and simple setup makes troubleshooting easier and builds a solid foundation for advanced security features later.